When it comes to dishing out constructive criticism, our moms are no slouches. They’re our toughest critics but also our biggest fans. Why? Because they love us and want us to succeed.
So what would your mother say about your organization’s IT security posture—especially in light of the steadily increasing incidents of ransomware?
As I noted in my first post about ransomware, the FBI reports that a “detect and respond” model provides little value because once the ransomware is running, it’s too late.
That’s why our ransomware checklist on prevention—encompassing the following nine steps—is critical to combatting such malware:
- Patch the critical operating systems and applications
- Ensure that antivirus software is up-to-date and that regular scans are scheduled
- Manage the use of privileged accounts
- Implement access control that focuses on the data
- Define, implement, and enforce software rules
- Disable macros from Microsoft Office files
- Implement applications whitelisting
- Restrict users to virtualized or containerized environments
- Back up critical files frequently
For most organizations, patching should be the first or second line of defense against any attack. This holds true for ransomware as well. The next step should be ensuring that your antivirus (AV) software is current and that you schedule regular scans.
Long Live (“Livne”) AV?
According to LANDESK’s Eran Livne, principal product manager for security, many individuals in the IT security space claim AV is dead. “Maybe it’s true, maybe it isn’t,” says Livne, “but you need to cover your bases. AV is still a crucial component that you must have because you don’t want to be infected by the knowns. You don’t want to fall victim to malware threats that are already identified and tagged by your AV vendor.”
Ensuring that your virus definition database is always up to date on all your workstations is the most important element of an effective AV strategy.
LANDESK security management software can automate this process for you. As Livne explains, the solution can distribute the latest virus definition file to all your endpoints in any size of environment very efficiently bandwidth-wise.
“And since we support most AV vendors,” Livne explains, “our solution will most likely work with your AV vendor. If you choose to use our AV solution, which is based on the Kaspersky Lab antivirus engine, we will also automate scanning and AV management from one console.”
Livne also stresses the importance of minimizing privileges and managing the use of privileged accounts. For example, a recently discovered ransomware attack called “Petya” requires administrator privileges to run, and will do nothing if the user doesn’t grant those privileges.
“Removing administrator rights is easy, but balancing privileged access, user productivity, and enterprise security isn’t,” he says. “Thus the need for privilege management solutions.”
The LANDESK security team advocates the importance of privilege management, which is one of the reasons why LANDESK acquired AppSense, providers of a proven solution in this space (among other great tools).
AppSense Privilege Management can help you define policies that limit administrative privileges to those that authorized users need to do their work.
No doubt about it, ransomware incidents are on the rise, but you can fight back.
Learn more about these nine prevention steps by downloading our free whitepaper below.