As ransomware goes, WannaCry spread spectacularly far and fast, aiming at enterprises more than consumers – but with meager effect on many, thanks to data backups.
Kudos for all those IT people who take their data backup duties seriously!
Preventing ransomware attacks – with people
Still, there’s the matter of how WannaCry wormed its way onto so many enterprise networks to begin with — and that mostly comes down to your clients’ weakest link: their employees.
Here’s what you can advise your clients to do to help strengthen that link:
Focus on training employees
Along with ongoing informal training, commit (and back the commitment with incentives) to formal employee training that includes social engineering testing at least a couple of times a year.
Implement social media policies that limit posting of work-related information
Most ransomware is delivered via spear phishing, which exploits information about the target that attackers gather from social media through social engineering.
Implement email handling policies
Phishing emails are notorious ransomware vectors, but phishing can be stymied by scanning all incoming and outgoing emails and by training employees not to open emails or attachments of unknown origin, or ones that land in spam folders.
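To make the "scan all incoming email" policy concrete, here is an added example (not code from the original article) of an attachment policy check over a constructed message. The policy it enforces is an assumption for this example: executables and scripts, macro-enabled Office documents, archives, and double extensions such as "invoice.pdf.exe" are quarantined rather than delivered.

```python
"""Attachment policy check for incoming mail (added example, not from the article).

Assumed policy (not stated on the page): quarantine messages carrying
executable/script attachments, macro-enabled Office documents, archives
(which can hide executables), or double extensions disguised as documents.
The sample message built below is constructed for this example.
"""
import email
from email import policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd",
                      ".ps1", ".hta", ".jar", ".lnk"}
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm"}
ARCHIVE_EXTENSIONS = {".zip", ".7z", ".rar", ".iso"}
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".txt", ".jpg", ".png"}


def classify_filename(name):
    """Return the list of policy findings for one attachment file name."""
    findings = []
    parts = name.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in BLOCKED_EXTENSIONS:
        findings.append("executable or script attachment")
    if ext in MACRO_EXTENSIONS:
        findings.append("macro-enabled Office document")
    if ext in ARCHIVE_EXTENSIONS:
        findings.append("archive attachment (contents not inspected)")
    # "invoice.pdf.exe": the second-to-last extension is a document type,
    # so the name is disguised as a document.
    if len(parts) > 2 and "." + parts[-2] in DOCUMENT_EXTENSIONS:
        findings.append("double extension disguised as a document")
    return findings


def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and decide 'deliver' or 'quarantine'."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        for finding in classify_filename(name):
            findings.append((name, finding))
    verdict = "quarantine" if findings else "deliver"
    return {"verdict": verdict, "findings": findings}


def build_sample_message():
    """Constructed sample: a lure with a disguised executable and a benign PDF."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "employee@example.com"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"MZ\x90\x00", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"%PDF-1.4", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    result = scan_message(build_sample_message())
    print(result["verdict"])
    for name, finding in result["findings"]:
        print(f"  {name}: {finding}")
```

The check deliberately looks only at names, which is what a mail gateway can do cheaply before handing off to content inspection; a fuller gateway would also open archives and inspect the bytes for file-type mismatches.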
Use two authentication factors
Famously inadequate, passwords get some help from password managers and single sign-on, but training employees to embrace two authentication factors can save your clients’ bacon.
Stop shadow IT
Give employees a sanctioned way to request new cloud apps and services, so they are not driven to shadow IT, where well-disguised social engineering scams are common.
Filter web sites
Before allowing employees to download from web sites, look up any URL you are unsure of. Do not download anything from unknown or anonymous sources. And block ads.
Enforce ‘least privilege’
Any given account, employee, or system should have the least privilege required to perform appropriate tasks:
- Restrict access to software. Group policies can be used to granularly control file execution on endpoints. Whitelist software, plug-ins, and add-ins so only approved programs can run on your clients’ systems or on employee-owned devices with access to your clients’ enterprise network.
- Restrict administrative rights on endpoints, because every privilege is a potential attack surface.
- Restrict user rights on endpoints. Limit employees’ access to only the data needed to do their jobs.
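The whitelisting point above is easiest to see as a default-deny decision: an executable runs only if some rule explicitly allows it. The following added example (not code from the article, and not a real endpoint product) models the two rule types that execution-control policies commonly use, a trusted-directory rule and a file-hash rule, and evaluates them against constructed sample files in a temporary directory. The directory layout and rule names are assumptions for the illustration.

```python
"""Default-deny application allowlist evaluator: added example, not from the article.

Assumed model (not stated on the page): an executable may run only if it lives
under an approved directory (path rule) or its SHA-256 matches an approved
hash (hash rule). Everything else is denied. The files and directories
created by build_demo() are constructed sample data.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field


@dataclass
class AllowlistPolicy:
    allowed_dirs: list = field(default_factory=list)   # path rules
    allowed_hashes: set = field(default_factory=set)   # hash rules


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_execution_allowed(policy, path):
    """Return (allowed, reason). No matching rule means deny."""
    real = os.path.realpath(path)
    for d in policy.allowed_dirs:
        # resolve symlinks on both sides so a link into an approved directory
        # cannot be used to satisfy the rule with a file that lives elsewhere
        if real.startswith(os.path.realpath(d) + os.sep):
            return True, "path rule: " + d
    if sha256_file(real) in policy.allowed_hashes:
        return True, "hash rule"
    return False, "no matching rule (default deny)"


def write_file(path, data):
    with open(path, "wb") as f:
        f.write(data)
    return path


def build_demo():
    """Constructed sample endpoint: an approved install dir and a downloads dir."""
    root = tempfile.mkdtemp()
    program_files = os.path.join(root, "Program Files")
    downloads = os.path.join(root, "Downloads")
    os.makedirs(os.path.join(program_files, "Approved App"))
    os.makedirs(downloads)
    approved = write_file(os.path.join(program_files, "Approved App", "app.exe"),
                          b"MZ approved application")
    tool = write_file(os.path.join(downloads, "admin-tool.exe"),
                      b"MZ hash-listed tool")
    unknown = write_file(os.path.join(downloads, "invoice.pdf.exe"),
                         b"MZ unknown program")
    policy = AllowlistPolicy(allowed_dirs=[program_files],
                             allowed_hashes={sha256_file(tool)})
    return policy, {"approved": approved, "tool": tool, "unknown": unknown}


if __name__ == "__main__":
    policy, files = build_demo()
    for label, path in files.items():
        allowed, reason = is_execution_allowed(policy, path)
        print(f"{label:9} {'ALLOW' if allowed else 'DENY ':5} {reason}")
```

The two rule types fail differently, which is why both are usually combined with the rights restrictions in the list above: a hash rule stops running as soon as the file changes (so a trojanized copy is denied), while a path rule keeps working only if standard users cannot write into the approved directory.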
Getting expert help for your clients
As your clients’ information and network security needs become more complex and challenging, expert assistance from an experienced security technology partner can make all the difference.