I hear backup companies talking about protecting against ransomware, and it normally means that after the fact their product will help you recover. Some of them do talk about it that way – and some don’t. But this article is about the defense: not a detailed plan, but good and important things to think about.
- You do need to protect your backups. While not truly part of the defense, it is still key. You can find out more here, but the short form is that you need a technology gap in your backups. So if you use tape, it is an air gap; if your VMs are in the cloud, that is an API gap. Either the air gap or the API gap is a good example of what you need. Malware cannot easily get past the air or the API, and neither can a rogue worker.
- The most important thing is to educate your end users. They need to know that they should never download files from unsolicited email or click on links in emails that are not logical. They should know that banks and other service companies will never ask them to authenticate to accept something or to change their password. If one of those emails is so good they believe it, they should still not click, but separately go to the bank web site and log in on their own – not through the email. If they just ordered something from Amazon it might be OK to click, but it would be safer to go to Amazon and check the order history. Teach them to watch for the lock or the “Secure” indicator in the URL line.
- End users, and admins, should use a complex password that is different for each service, and then use a tool like 1Password or 1Password for Teams to create and manage those passwords.
- End users, and admins, should not use a common (shared) account and password for anything – never.
- A firewall that can monitor applications and protocols should be in use, and it should have a current malware subscription. This is important because it monitors even the ports you have legitimately open for reasons to close them – like malware seen in a legitimate stream of HTTP! This is not perfect, but it will help. Keep the firewall and the subscription current. Need more info on application firewalls?
- End user computers should be on current OSes and should be patched up to date. Patching is important.
- The desktops should have anti-malware software, and it should be current and kept current. This is not ideal or perfect, but it is part of the defensive strategy.
- The email server should have anti-malware installed that includes both anti-spam and protection against other sorts of malware.
- Try to avoid Flash where possible.
- Keep applications like Flash and Acrobat Reader upgraded and current.
- Using a proxy server is often helpful, particularly if it has anti-malware integrated with it. It can block inappropriate sites, but it can also block sites that have security issues.
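The end-user education point above (links in email that are “not logical”, and looking for the lock in the URL line) can be turned into a simple automated check that a mail gateway or awareness tool could run. The following is an added example, not code from the original post: it parses a constructed HTML email body, and for every link flags two things a trained user would also look for – a destination that is not HTTPS, and visible link text that looks like a URL but points at a different host than the real `href`. The sample message and the `.test` domains in it are constructed for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the body of a phishing-style HTML email (not a real message).
# Link 1 shows a bank URL but really points somewhere else over plain HTTP.
# Links 2 and 3 are consistent with what they display.
SAMPLE_EMAIL_HTML = """
<p>Your account needs verification.
<a href="http://secure-login.example-bank-verify.test/reset">https://www.examplebank.test/login</a></p>
<p>Track your order:
<a href="https://www.amazon.com/your-orders">https://www.amazon.com/your-orders</a></p>
<p><a href="https://www.examplebank.test/help">Help center</a></p>
"""


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._current_href = None
        self._current_text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current_href = dict(attrs).get("href")
            self._current_text = []

    def handle_data(self, data):
        if self._current_href is not None:
            self._current_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._current_href is not None:
            self.links.append((self._current_href, "".join(self._current_text).strip()))
            self._current_href = None


def hostname(url):
    """Lower-cased host part of a URL, or '' if there is none (e.g. mailto:)."""
    return (urlparse(url).hostname or "").lower()


def check_link(href, text):
    """Return the reasons this link deserves suspicion; an empty list means nothing odd."""
    reasons = []
    if urlparse(href).scheme != "https":
        reasons.append("not https")
    # If the visible text itself looks like a URL, the host it shows must match
    # the host the link really goes to. A mismatch is the classic phishing trick.
    if re.match(r"^(https?://|www\.)", text, re.I):
        shown = text if "://" in text else "http://" + text
        if hostname(shown) != hostname(href):
            reasons.append(
                f"shown host {hostname(shown)!r} differs from real host {hostname(href)!r}"
            )
    return reasons


def audit_email_links(html):
    """Parse an HTML email body and return (href, text, reasons) for each link."""
    parser = LinkCollector()
    parser.feed(html)
    return [(href, text, check_link(href, text)) for href, text in parser.links]


if __name__ == "__main__":
    for href, text, reasons in audit_email_links(SAMPLE_EMAIL_HTML):
        verdict = "SUSPICIOUS" if reasons else "ok"
        print(f"{verdict:10} {href}  ({'; '.join(reasons) or 'no issues'})")
```

Only the first link in the sample is flagged; the Amazon order link and the plain “Help center” link pass, because either their displayed host matches the real one or they show no URL at all. This is deliberately a small heuristic, not a full phishing filter, but it demonstrates the same two habits the training point asks users to form.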
The last thing is to get to know your VMware or Microsoft partner (it doesn’t really have to be from them, but often that is where you might have existing relationships); likely there is one you can have a good relationship with. I used to be one of those. Those partners can help with what we are talking about here. They have done it before!
This all might sound worse than it is, but avoiding malware problems and keeping things running is good, and this will help you with both.
Questions and comments are always welcome.