9 most important steps for SMBs to defend against ransomware attacks

What is the best way for a small- to medium-sized business (SMB) to protect itself from ransomware? Ransomware is impacting firms around the world. Mandiant has indicated that ransomware is on the rise and doesn’t appear to be slowing down one bit. These are the nine tasks that SMBs should focus on to mitigate risk from ransomware attacks.

1. Have a backup plan and tested recovery process

Some might argue that multi-factor authentication (MFA) is the best way to protect a firm, but I'd argue that a tested backup and recovery process matters more. Too often businesses overlook both the backup itself and a tested process for recovering from it. Especially for firms with on-premises servers and domain controllers, have someone, whether in the firm, a consultant or a managed service provider, perform a dry run of an actual recovery. When I've done a dry run, I often find a step I had forgotten in a bare-metal restore. You may find that a Hyper-V host needs additional steps, or that you need to take ownership of the restored image before a Hyper-V server or virtual machine is fully working again. Keep at least one copy of the backups offline or on immutable storage that domain credentials cannot delete; ransomware operators routinely destroy any backups they can reach before they encrypt. Ensure that you have a recovery script or manual in place so that the staff tasked with recovery know the steps. Documented steps lower the stress of the event.

2. No public-facing remote desktop connections

Do not expose servers to public-facing remote desktop connections. Many ransomware attacks start with attackers guessing RDP passwords or finding administrative credentials left behind in online databases and GitHub repositories. We are often our own worst enemies when it comes to credentials, so never expose Remote Desktop Protocol (RDP) to the internet in production networks; if remote administration is needed, put it behind a VPN or a gateway that requires MFA. Moving RDP to a non-standard port is not a control.
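The following script is an added example, not code from the original article, that audits a single Windows server for the exposure described in step 2: whether RDP is enabled, whether Network Level Authentication is enforced, which enabled inbound firewall rules allow the RDP port from any remote address, and whether the Security log already shows password guessing against RDP (event 4625 with LogonType 10, RemoteInteractive). It uses only built-in cmdlets and must be run in an elevated session on the host being checked; the 5000-event window is an arbitrary choice.

```powershell
# Added example (not from the original article): audit a Windows host for public RDP exposure.
# Run in an elevated PowerShell session on the server being checked. Uses only built-in
# cmdlets (NetSecurity module, Windows 8 / Server 2012 and later).

$findings = New-Object System.Collections.Generic.List[string]

# 1. Is Remote Desktop enabled at all? fDenyTSConnections = 0 means RDP listens.
$ts = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
if ($ts.fDenyTSConnections -eq 0) {
    $findings.Add('Remote Desktop is enabled on this host.')
}

# 2. Is Network Level Authentication enforced? With UserAuthentication = 1 a client must
#    authenticate before a session is created, which removes the unauthenticated attack surface.
$rdpTcp = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
if ($rdpTcp.UserAuthentication -ne 1) {
    $findings.Add('Network Level Authentication (NLA) is not enforced for RDP-Tcp.')
}

# 3. Which enabled inbound allow-rules open the RDP port, and from where? A remote address
#    scope of "Any" on an internet-facing server is exactly the exposure step 2 warns about.
#    The configured port is read rather than assumed, because moving RDP off 3389 is not a control.
$rdpPort = "$($rdpTcp.PortNumber)"
$rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True
foreach ($rule in $rules) {
    $port = $rule | Get-NetFirewallPortFilter
    if ($port.Protocol -ne 'TCP' -and $port.Protocol -ne 'Any') { continue }
    if (-not ($port.LocalPort -contains $rdpPort -or $port.LocalPort -contains 'Any')) { continue }
    $scope = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($scope -contains 'Any') {
        $findings.Add("Firewall rule '$($rule.DisplayName)' allows TCP/$rdpPort from any remote address.")
    }
}

# 4. Evidence of password guessing: failed logons (event 4625) with LogonType 10
#    (RemoteInteractive) are failed RDP attempts. Group them by source IP address.
#    5000 events is an arbitrary window; widen it on busy servers.
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents 5000 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['LogonType'] -eq '10') {
            [pscustomobject]@{ Source = $data['IpAddress']; User = $data['TargetUserName'] }
        }
    }
$failed | Group-Object Source | Sort-Object Count -Descending | Select-Object -First 5 |
    ForEach-Object { $findings.Add("$($_.Count) failed RDP logons from $($_.Name)") }

if ($findings.Count -eq 0) { 'No RDP exposure findings.' } else { $findings }
```

A host that reports RDP enabled, NLA off and an allow-rule scoped to "Any" is the configuration attackers scan for; the fourth check usually confirms it by showing hundreds of failed logons from a handful of addresses. Fixing it means removing the public rule (or scoping it to the VPN range), not changing the port.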

3. Limit administrator and domain administrator credentials

Review your network for the use of local administrator credentials as well as domain administrative credentials. Too often SMBs take the easy road and allow users to be local administrators with no restrictions. Even worse is a network set up to give users domain administrator rights.

There is no reason for a network user to hold domain administrator rights for day-to-day work. For many years vendors assigned domain administrative rights because it was an easy fix to get an application to work properly. Vendors have largely moved from requiring administrator rights to installing in the user profile, but I still hear reports of consultants finding networks where the users are domain administrators. On your domain controller, run Get-ADGroupMember "Domain Admins" and review every account it returns. No regular user account in your organization should be a domain administrator; anyone who needs those rights should use a separate, dedicated administrative account.
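The following script is an added example, not code from the original article, that extends the Get-ADGroupMember check in step 3: it expands nested membership of the privileged domain groups, pulls each account's enabled state and logon history, flags enabled accounts that do not follow a dedicated-admin naming convention, and then lists domain user accounts in the local Administrators group of the host it runs on. The 'adm-' prefix is an assumed naming convention, not something the article specifies; it needs the ActiveDirectory module (RSAT) on a domain-joined host.

```powershell
# Added example (not from the original article): report every account that holds
# privileged domain rights, directly or through nested groups, plus the local
# Administrators group on the machine you run it from. Needs the ActiveDirectory
# module (RSAT) and a domain-joined host. The 'adm-' prefix is an assumed naming
# convention for dedicated admin accounts; change it to match your own.
Import-Module ActiveDirectory

$adminPrefix = 'adm-'
# Enterprise Admins and Schema Admins exist only in the forest root domain;
# -ErrorAction SilentlyContinue skips them in child domains.
$privGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'

# -Recursive expands nested groups, so an account that is a domain admin only via
# "Helpdesk -> Domain Admins" is still reported against Domain Admins.
$domainReport = foreach ($group in $privGroups) {
    Get-ADGroupMember -Identity $group -Recursive -ErrorAction SilentlyContinue |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $u = Get-ADUser -Identity $_.distinguishedName -Properties Enabled, LastLogonDate, PasswordLastSet
            [pscustomobject]@{
                Group           = $group
                Account         = $u.SamAccountName
                Enabled         = $u.Enabled
                LastLogon       = $u.LastLogonDate
                PasswordLastSet = $u.PasswordLastSet
                # An enabled account that does not look like a dedicated admin account is the
                # "user who is a domain administrator" condition step 3 says should never exist.
                Suspect         = $u.Enabled -and -not $u.SamAccountName.StartsWith($adminPrefix, 'OrdinalIgnoreCase')
            }
        }
}

$domainReport | Sort-Object Suspect -Descending, Group | Format-Table -AutoSize

# Local administrators on this host: domain user accounts in the local Administrators
# group are what "users are local administrators with no restrictions" usually looks like.
Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.ObjectClass -eq 'User' } |
    Select-Object Name, PrincipalSource |
    Format-Table -AutoSize
```

Run the second part on a sample of workstations, not just the domain controller; the local Administrators group is where vendor "fixes" usually live. Any row marked Suspect is either a user who should lose the right or an administrator who needs a separate account for administrative work.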

4. Have a policy for confirming financial transactions

To ensure that your organization won’t be caught by business email compromise (BEC) attacks, ensure that you have an agreed-upon process to handle financial transactions, wires and transfers. Never rely upon an email to provide you with the account information for fund transfers. Attackers will often know that you have projects underway and send emails attempting to lure you to transfer funds to an account they own. Always confirm with the receiving organization that the account information is correct. If any changes to the process are made, there should be a documented approval process in place to ensure that the change is appropriate.

Copyright © 2022 IDG Communications, Inc.
