The amount of ransom attacks world wide covered by the media are worrying. And who thinks these attacks are over is wrong. This is only the beginning. So in order to reduce the risks involved in a ransomware attack the organization should really start taking their Information Security more seriously. The ISO27001 ISMS framework is a good practice to reduce the risk for your organization provided you put every effort needed to establish a good ISMS in your organization and more importantly: maintain it ! In this article I will explain the possibilities to minimize the ransomware attacks on your organization.

The main steps which can be used to reduce the effect of a ransomware attack are:

Continues awareness of staff

Actually the media attention for major ransomware attacks already should have made your staff aware. But we all know our memory is short and 2 weeks after the media have stopped reporting about the latest ransomware attack everyone seems to have forgotten about it. Well this is the weakest link in your organziation information security. It starts with a continues awareness of staff of the possible risks.  How to do keep your staff continues aware ? By embedding information security in your organization processes and internal communications. For example hold a 2 weekly briefing, 2 weekly standup in information security, short sessions. Invite white hat hackers to show examples how to hack. There are numerous other things you can organize.

Email filtering

Don’t open mail from people you don’t know !  A simple rule I would say but still people do it. Set the email clients to receive only emails from thrusted parties. Strange emails have to go into quarantaine and mostly have to go into a spam box to be deleted. Filter every email you get from outside and even from inside the company.

Network Firewall policy settings

Your network security department should have the latest state of the art firewalls in place with up to date software and have all the rules of those firewalls up to date with known sources of trouble. This will filter out at least all known sources of trouble. Not the new ones however. It is important to have a continues logging of what is coming inside your organizations network.

Frequent backups

Also a weak link is the number of backups being made of all the organization data and applications stored accross your organization systems. Even if you are using cloud applications you will pobably have stored some data local on your staffs PC’s and Laptops. Make sure you have partitioned and segregated your systems data storage. So applications seperate from data for example. The OS of the laptop on a seperate partition. Make regular  images of your laptops so a full re-install of the laptop’s and PC’s can be done quickly.

Encryption of laptops, removable storage media 

We all know the USB sticks, SD cards. These are part of the weakest link in your organziations information security. There is no good policy in place how to handle private storage media in a company. But the main rule should be: no access to your network or company laptops or PC’s. All these private removeable storage devices are a big risk to your information security and should be limited in use. And preferably not be used at all. Also be aware of smartphones for that matter. The minimum you can do is to encrypt all data on removable storage devices, laptops and PC’s.

Business Continuity Planning

In order to keep the organization running after a ransomware attack it might be a part of your business continuity plan to have more backup systems in place. This will be costly however, but you must see a ransomware attack as if the organization building is burnt down. So you basically need to start all over again. This is not what you ever want to happen to your organization. So it is better to take the precautions I mentioned before and have backup systems in place. Even consider backup PC’s and laptops for your staff.  The inproductivity of your staff during ransomware attack will be a far bigger amount of money then a laptop.

Up to date software

The ransomware attacks in the media showed up to date software is one of the crucial parts of your information security. So take this really seriously and make sure every organizations laptop, PC, server has the latest software installed.

For more detailed information or help in implementing information security in your organization please conatct us at contact@informationsecure.nl

 

 

How to stop Ransomware according ISO27001
Tagged on:                                 

Leave a Reply