RANSOMWARE ATTACKS ARE BECOMING MORE COMMON and increasingly dangerous. Last May, for example, the infamous WannaCry virus struck nearly one-quarter of a million computers worldwide, affecting more than 10,000 organizations of every size and leading to an estimated $4 billion in economic losses. The following month the even more damaging GoldenEye strain of ransomware wreaked devastation across the globe.
Attacks like those pose a danger to every organization, but small businesses are particularly at risk, as they typically devote fewer resources to cybersecurity and rely on MSPs to keep them safe. MSPs who take that responsibility seriously must embrace a layered security strategy that 1) protects against viruses and malware, 2) introduces training regimens that educate users about phishing and other forms of social engineering, and 3) includes encryption and backup functionality. Here’s how my company creates multiple lines of defense for its clients.
Layer 1: Anti-virus and Anti-malware
Solutions that recognize and block viruses should be a staple of every organization’s security strategy. Unfortunately, however, hackers have a wealth of methods for sidestepping these systems, from attacking unpatched systems to unleashing zero-day exploits. MSPs must understand and compensate for those limitations.
With that in mind, we’ve made solutions from CARVIR, which combine endpoint detection and response software with security operations center (SOC) services, our first layer of defense. Among other things, CARVIR’s SOC team can identify the specific human interaction that enabled a particular attack, such as an employee who clicked an infected link or email attachment.
Layer 2: Employee Training
It’s an unfortunate reality: Most successful ransomware attacks begin with an unsuspecting employee unwittingly providing system access. That’s why every layered security strategy must include something to protect personnel from their own mistakes.
We like employee training solutions from Breach Secure Now! (pictured at right), but other vendors have similar services. The best offerings provide fine-tuned control over the educational process and allow you to perform simulated phishing activities and other tests to help workers prepare for potential attacks.
MSPs should always augment employee training solutions with security risk assessments and then follow up by proposing solutions to any areas of concern they discover.
Layer 3: Interior Protection/ Encryption and Backup Solutions
Encryption adds an effective extra layer of security against ransomware. We leverage the SimplySecure product family from Beachhead Solutions here. While not a direct deterrent to ransomware, SimplySecure (pictured below) prevents unauthorized access to data on our clients’ hard drives, protecting them against network-borne attacks and ransomware. It also allows us to layer Microsoft’s Encrypting File System feature on top of BitLocker, and to encrypt the data on individual user profiles. By scrambling the credentials needed for malware attacks to succeed, this approach blocks unauthorized access, even through zero-day or unpatched port vulnerabilities.
A reliable backup program that can help businesses recover quickly when ransomware attacks succeed is the final layer of an effective security strategy. Features to look for include the ability to quickly restore data and redundant local and cloud storage. Every MSP firm has a favorite. Ours happens to be Datto.
Ransomware attacks strike terror in many organizations, and small businesses are far from immune from the threat. MSPs that support those customers can avoid catastrophe by implementing a layered security strategy that defeats ransomware and its continual attempts to hijack critical business information systems.
TERRY COLE is the founder of Cole Informatics LLC, a Lexington, Tenn.-based IT, data, and business security solutions provider.
Opening image: Pixabay