Ransomware Preparedness Checklist (GP)

Issue link:

Contents of this Issue


Page 0 of 2

1 Ransomware Preparedness Checklist Written by David Finn; Executive Vice President, Strategic Innovation at CynergisTek Preparing to deal with ransomware is important. Not having an adequate mitigation strategy in place in order to respond before your data is encrypted can be devastating. The following are some tips and best practices to enhance your posture when dealing with ransomware: Fortify your network layered security Periodically review your network defenses and determine if they are adequate to deal with the latest threats. In regard to this type of ransomware, it is about preventing lateral movement so concepts like network segmentation and zero trust are critical to your fortifications. Strengthen your existing email security Determine if your current email gateway has the capabilities to perform real-time inspection and detection of email attachments and downloads to remove potential malware threats that use hidden triggers before being delivered to the end user. Configure your mail servers to prohibit sending or receiving emails that contain executable files as attachments. That includes those that have an EXE, COM, SCR or JS extension. Flag suspicious e-mails that appear to come from internal addresses but are actually external. Review your current backup strategy Keep data safe and the backup network separate and encrypted. Use a separate network account to perform backups. It is always a best practice to ensure that your network administrator's account is not used to perform backups in the event that their credentials are compromised. Use the concept of least privilege where administrators have separate accounts for each major system they are administering, and they have the least privileges possible to do their jobs. Implement user accounts restrictions Limit your network user's access to resources, remove local admin rights, and ensure access to their network drives have the appropriate security. Use a tool to perform periodic user access reviews and implement multi-factor authentication wherever practical. Simply put, if MFA is not in place assume the system is not secure. In addition, change passwords on privileged accounts where MFA is not installed or if passwords have not been recently changed. In addition, change all password if they have not been changed for an extended period. Enhance your patch management Patch management in production systems is a challenging task. Review your patch management strategy, if you don't have one, it is important to develop it. Prioritize patching of critical systems and applications. Finally, run vulnerability scans to help ensure patches are deployed and aggressively work old machines and operating systems out of your environment. 1 2 3 4 5

Articles in this issue

view archives of Checklists - Ransomware Preparedness Checklist (GP)