Ransomware, a type of malicious software that infects and restricts access to a computer until a ransom is paid, affects businesses of all sizes.
Ransomware attacks are the fastest growing malware threats, with more than 4,000 attacks occurring daily, on average, since Jan. 1, 2016.
The good news is that you can adopt these best practices to help you protect your business:
- Implement an awareness and training program. Because end users are targets, employees should be aware of the threat of ransomware and how it is delivered.
- Enable strong spam filters to prevent phishing emails (an attempt to obtain sensitive information electronically) from reaching employees, and authenticate inbound email using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent email spoofing.
- Scan all incoming and outgoing emails to detect threats and filter executable files (used to perform computer functions) from reaching employees.
- Configure firewalls to block access to known malicious IP addresses.
- Patch operating systems, software, and firmware on devices. Consider using a centralized patch management system.
- Set anti-virus and anti-malware programs to conduct regular scans automatically.
Because end users are targets, employees should be aware of the threat of ransomware and how it is delivered.
- Manage the use of privileged accounts based on the principle of least privilege: No employees should be assigned administrative access unless absolutely needed, and those with a need for administrator accounts should only use them when necessary.
- Configure access controls—including file, directory, and network share permissions—with least privilege in mind. If an employee needs only to read specific files, he or she should not have write access to those files, directories, or shares.
- Disable macro scripts (tool bar buttons and keyboard shortcuts) from office files transmitted via email. Consider using Office Viewer software to open Microsoft Office files transmitted via email instead of full office suite applications.
- Implement Software Restriction Policies (SRP) or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers or compression/decompression programs, including the AppData/LocalAppData folder.
- Consider disabling Remote Desktop protocol (RDP) if it is not being used.
- Use application whitelisting, which only allows systems to execute programs known and permitted by security policy.
- Execute operating system environments or specific programs in a virtualized environment.
- Categorize data based on organizational value and implement physical and logical separation of networks and data for different organizational units.
Visit the U.S. Computer Emergency Readiness Team for additional information on how to protect your business from ransomware attacks.
Author: Natale Goriel, U.S. Small Business Administration Official