10-26-21 | Blog Post
Based on a recent webinar with experts from Otava and Veeam, this blog post outlines 6 tips for ensuring your organization can effectively deflect, or recover from, ransomware attacks.
The vast majority of ransomware infections can be traced to someone within the organization unwittingly giving access to hackers. So an absolutely essential component of any security program is the education of everyone in the organization – first, about the types of attacks they may face, and second, how to avoid falling prey to them. An important benefit of security awareness training is that it empowers users to become security monitors for you. They’ll reach out to you to report things that just don’t look right – so you can investigate before they become a breach.
Back in the old days – the mid-aughts, say – a core element of cyber security was perimeter protection: protecting the physical and logical environments from the outside world. Today, there is no perimeter. Even at organizations that don’t have large remote workforces, users can in many cases access the organization’s logical environment from outside the physical perimeter.
So where the perimeter protection strategy used to be called defense in depth, now we refer to the cyber security approach as zero trust protection. Essentially it means treating every identity and every device as a potential threat. Once you start thinking like that, you can identify the attack vectors where you need to focus your attention.
Educating users about the most common ransomware infection sources, enlisting employees as security watchdogs, and implementing zero trust protection become even more critical if any part of your workforce is remote. The perimeter was disappearing well before 2020, but the COVID-19 pandemic hastened its demise. Now, securing endpoint devices is not just an on-premises exercise; it’s about securing all the remote devices, including user-owned devices. Best practice is to have a robust Bring Your Own Device (BYOD) policy to govern those endpoints. But even if you don’t have a formal BYOD policy in place, you can (and should) check your security posture along that access control layer.
In case the defenses fall, an effective backup strategy will at least enable the organization to get back to business quickly with limited long-term impact. That backup strategy is known as the 3-2-1-1-0 rule: Have three copies of your data, on two different media, one of which is off-site and one of which is offline, with zero recoverability errors.
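One way to audit a backup inventory against the 3-2-1-1-0 rule described above. This is an added example, not code from Otava or Veeam; the `Copy` fields, the sample inventories, counting production data as one of the three copies, and treating a never-tested copy as failing the zero-errors check are all assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Copy:
    """One copy of the data (hypothetical inventory record)."""
    name: str
    media: str                      # e.g. "disk", "tape", "object-storage"
    offsite: bool                   # stored away from the primary site
    offline: bool                   # not reachable from the production network
    restore_errors: Optional[int]   # errors in last restore test; None = never tested


def check_32110(copies: List[Copy]) -> dict:
    """Return {rule: passed} for each part of the 3-2-1-1-0 rule."""
    return {
        "3 copies": len(copies) >= 3,
        "2 media": len({c.media for c in copies}) >= 2,
        "1 off-site": any(c.offsite for c in copies),
        "1 offline": any(c.offline for c in copies),
        # Assumption: an untested copy cannot claim zero recoverability errors.
        "0 errors": bool(copies) and all(c.restore_errors == 0 for c in copies),
    }


def gaps(copies: List[Copy]) -> list:
    """List the parts of the rule the inventory does not meet."""
    return [rule for rule, ok in check_32110(copies).items() if not ok]


# Constructed sample inventories (assumption: production counts as one copy).
WEAK = [
    Copy("production", "disk", offsite=False, offline=False, restore_errors=0),
    Copy("nas-replica", "disk", offsite=False, offline=False, restore_errors=0),
    # Off-site but always online, and its restore has never been tested.
    Copy("cloud-sync", "object-storage", offsite=True, offline=False, restore_errors=None),
]
HARDENED = WEAK[:2] + [
    Copy("cloud-sync", "object-storage", offsite=True, offline=False, restore_errors=0),
    Copy("tape-vault", "tape", offsite=True, offline=True, restore_errors=0),
]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, gaps(inventory) or "meets 3-2-1-1-0")
```

The weak inventory passes the copy, media and off-site counts yet still fails, because every copy is reachable from the network and one has never been restore-tested.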
Your data protection strategy should be layered based on the criticality of the data and how often it’s used. Those two factors determine the ideal recovery point objective (RPO) – the time span within which you need to be able to fully recover your data.
If you’re concerned about your own organization’s protection against ransomware or other threats, contact Otava today. Our experts can review your current security systems and processes and make recommendations for mitigating the risk that a ransomware attack will affect you and ensuring fast and complete recovery if you are breached.