7 security best practices: Preventing ransomware attacks — with people
Posted on June 22, 2017 by Tim Burke

If you have followed enterprise network security over the years, you know the basics, and they apply to ransomware as well: layer your defenses, back up your data, keep your software patched. Those basics remain essential, and I will address them in my next post. Right now I want to focus on your employees, the people operating the endpoints of your enterprise network. Why? Because, without question, your people are your weakest security link. Here is what you can do to strengthen that link.

Focus on training employees
Commit, with incentives, to formal training that includes social engineering testing (simulated phishing campaigns, for example) at least a couple of times a year, plus ongoing informal training. One size does not fit all: training should be appropriate to each employee's job and tasks, since the finance team, the help desk, and executives are targeted in different ways.

Implement social media policies that limit posting of work-related information
Phishing is one of the most common ransomware delivery vectors, and spear phishing works precisely because the attacker has first gathered details about the target (employees' names, job titles, who reports to whom, which vendors and tools the company uses) from social media and other public sources. The less of that information your people post, the harder it is to craft a convincing message.

Implement email handling policies
Phishing emails are notorious ransomware vectors. Scan all incoming and outgoing email for malicious attachments and links, and strip or quarantine attachment types that employees have no business receiving, such as executables, scripts, macro-enabled documents, and archives that contain them. Train employees not to open attachments or links they were not expecting, even when the message gets their name and job title right, and to treat mail that landed in the spam folder as suspect rather than rescuing it. Make reporting easy: a suspicious message forwarded to the security team costs far less than one that gets opened.

Use two authentication factors
Passwords alone are not enough, least of all passwords reused across services. Password managers and single sign-on help, but a second authentication factor is what limits the damage when a password is phished: the attacker has the password and still cannot log in. Train employees to expect it and to embrace it.

Stop shadow IT
Give employees a quick, simple way to request new cloud apps and services so they are not tempted into shadow IT. Unsanctioned services sit outside your monitoring, backups, and access controls, and the offers that lure people into signing up are often well-disguised social engineering scams.
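The email handling policy above, in code: the following Python checker is an added example for this post, not code from the original, and it illustrates what "scanning incoming email" means in practice. It flags attachment types the policy blocks (including a double extension such as invoice.pdf.exe and an executable hidden inside a zip, whose member names stay readable even when the archive is password-protected), a display name that impersonates an internal address while the real sender is external, a Reply-To pointing somewhere else, and a link whose visible text names a different host than its real target. The policy tables, the domain names and the sample message are constructed for illustration and are not real captured mail.

```python
"""Email handling policy check: risky attachments, spoofed senders, hidden links.
Added example; policy tables, domains and the sample message are constructed.
"""
import io
import re
import zipfile
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Attachment types that should never be delivered (policy assumption).
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".wsf", ".hta", ".ps1", ".bat", ".cmd", ".lnk"}
# Macro-enabled Office formats: hold for review (policy assumption).
MACRO_EXT = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}
RISKY_EXT = BLOCKED_EXT | MACRO_EXT
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def _ext(name):
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def check_attachment(filename, data):
    """Return the set of policy findings for one attachment."""
    findings = set()
    ext = _ext(filename)
    if ext in BLOCKED_EXT:
        findings.add("blocked_type")
    if ext in MACRO_EXT:
        findings.add("macro_document")
    # "invoice.pdf.exe": a harmless-looking inner extension hides the real one.
    if ext in RISKY_EXT and "." in filename[:-len(ext)]:
        findings.add("double_extension")
    # Look inside zip archives. Member names stay readable even when the
    # archive is password-protected, a common trick to defeat scanners.
    if ext == ".zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(_ext(m) in RISKY_EXT for m in zf.namelist()):
                    findings.add("archive_contains_executable")
        except zipfile.BadZipFile:
            findings.add("malformed_archive")
    return findings


def check_headers(msg):
    """Flag display-name impersonation and Reply-To redirection."""
    findings = set()
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    # Display name shows an address at one domain, real sender is at another.
    shown = re.search(r"@([\w.-]+)", display)
    if shown and shown.group(1).lower() != from_domain:
        findings.add("display_name_spoof")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != from_domain:
        findings.add("reply_to_mismatch")
    return findings


def check_links(html):
    """Flag links whose visible text names a different host than the target."""
    findings = set()
    for href, text in LINK_RE.findall(html):
        target = urlparse(href).hostname or ""
        shown = re.sub(r"<[^>]+>", "", text).strip()
        shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname or ""
        if "." in shown_host and shown_host != target:
            findings.add("hidden_link_target")
    return findings


def scan_message(raw):
    """Run every check over one RFC 5322 message and return all findings."""
    msg = message_from_string(raw, policy=policy.default)
    findings = check_headers(msg)
    html = msg.get_body(preferencelist=("html",))
    if html is not None:
        findings |= check_links(html.get_content())
    for part in msg.iter_attachments():
        findings |= check_attachment(part.get_filename() or "",
                                     part.get_payload(decode=True) or b"")
    return findings


def build_sample():
    """A constructed phishing-style message (not a captured sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_2017.pdf.exe", b"MZ" + b"\0" * 64)
    msg = EmailMessage()
    msg["From"] = '"Accounts Payable ap@example.com" <ap@example-invoices.test>'
    msg["Reply-To"] = "billing@another.test"
    msg.set_content("Please see the attached invoice.")
    msg.add_alternative('<p>Or review it at <a href="http://portal-example.test/login">'
                        'portal.example.com</a></p>', subtype="html")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice.zip")
    return msg.as_string()
```

Running scan_message(build_sample()) reports all four findings for the constructed sample. In production the same checks belong at the mail gateway, where each finding maps to an action (drop, quarantine, or tag the subject so the employee is warned), and the regex-based link check is deliberately simple; a real gateway would also check the target host against a URL reputation feed.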
Filter websites
Check unfamiliar URLs against a web filter or URL reputation service before allowing employees to download anything from them, and do not download anything from unknown or anonymous sources. Block ads as well: malicious advertising on otherwise legitimate sites has been used to deliver exploit kits and ransomware.

Enforce 'least privilege' restrictions
Any given account, employee, or system should have only the privileges required to perform its appropriate tasks:

Restrict access to software. Use Group Policy to control which files may execute on endpoints (on Windows, AppLocker or software restriction policies, for example). Consider whitelisting software, plug-ins, and add-ins so that only approved programs can run on your systems, or on employee-owned devices with access to your enterprise network; ransomware dropped into a user's profile or temp directory then simply fails to run.

Restrict administrative rights on endpoints. Every privilege is potential attack surface. Ransomware running as a standard user can encrypt that user's files; ransomware running with administrative rights can also disable security tooling, delete local backups and shadow copies, and move on to other machines.

Restrict user rights on endpoints. Limit employees' access to only the data needed to do their jobs, including network shares: an infected workstation can only encrypt what its user can write to.

In my next post, I'll lay out security best practices for protecting your enterprise network and IT infrastructure in this age of ransomware and the zero-day attacks that make being taken hostage scarier than ever. Meanwhile, if you need help recovering from ransomware or a cyberattack, get professional help now.