Ransomware attacks skyrocketed in 2023, with victims worldwide paying a staggering $1.1 billion to regain access to their data. No organization is safe – these attacks target businesses of all sizes and across all industries.

With the threat so prevalent, it's imperative to revisit cybersecurity best practices. This article explores key steps outlined by the U.S. Department of Commerce in their publication, Ransomware Risk Management: A Cybersecurity Framework Profile. These steps allow organizations to fortify their defenses and improve their ability to recover from ransomware attacks.

Employee Education Against Ransomware

The fight against ransomware starts with your employees. Here's how to empower them to be your first line of defense:

• Scrutinize Attachments and Links: Phishing emails are a common entry point for ransomware. Train employees to be wary of emails from unknown senders, especially those with urgent tones or enticing attachments. Encourage them to hover over links before clicking to see the full URL and advise them never to open attachments unless they're expecting them from a trusted source. Running a quick antivirus scan on suspicious attachments can also provide an extra layer of security.
• Maintain a Professional Digital Divide: Blurring the boundaries between personal and professional online activity can open the door to vulnerabilities. Using personal email, social media or chat applications on a work computer can expose your network to malware. Similarly, logging in with work credentials on personal devices can pose significant risks.
• Secure Your Network: Unknowingly, personally owned devices like laptops and smartphones can harbor malware. Combat this risk by enforcing a policy requiring prior IT approval before connecting personal devices to the work network. This allows your IT team to ensure these devices meet security standards and minimizes the risk of introducing vulnerabilities through unauthorized connections.

Patching the Gaps Against Ransomware

Ransomware thrives on exploiting weaknesses in systems. Here's how to minimize those vulnerabilities:

• Patching is Paramount: Software companies regularly release patches to fix security holes in their programs. These patches are crucial for plugging vulnerabilities that ransomware could exploit. Establish a system for checking for available patches regularly (ideally, automated) and prioritize their installation as soon as possible. 
• Zero Trust, Maximum Security: The "zero trust" approach assumes no user or device on the network is inherently trustworthy. This means every access attempt, regardless of origin, needs verification. Implement multifactor authentication and granular access controls to ensure only authorized users can access specific network functions.
• App Control: Your systems should only allow authorized applications to run. Configure your operating systems and security software to create an "allow list" of approved applications. This prevents unauthorized or potentially risky programs from running, effectively shutting the door on many ransomware threats before they can even start wreaking havoc.

Early Ransomware Detection and Rapid Response

Early detection is critical in mitigating ransomware damage. Here are key strategies to quickly identify and stop these threats:

• Multilayered Defense: Antivirus software is a crucial first line of defense, but it's not foolproof. Consider additional security software that scans emails, external storage devices and your network in real time. 
• Monitoring Your Network Pulse: It’s vital to continuously monitor user activity within your network directory. Unusual changes, such as unauthorized login attempts or file modifications, could indicate a ransomware attack in progress. Security software can monitor these activities and raise red flags if suspicious behavior is detected, allowing you to intervene quickly before the attack spreads.
• Building a Wall Against Malicious Sites: Ransomware can be downloaded from compromised websites. Utilize web filtering solutions that block access to known malicious web addresses or those exhibiting suspicious behavior. This proactive approach can significantly reduce the risk of employees accidentally triggering a ransomware infection.

Limiting Ransomware Reach Within Your Network

Even after an initial breach, you can limit the damage a ransomware attack inflicts. Here's how:

• Limit Privilege Access: Standard user accounts with multifactor authentication make it harder for attackers to gain extensive control. Reserve administrator privileges for those who truly need them.
• Thwarting Brute Force Attacks: Cybercriminals often use automated tools to guess passwords.  Implement measures like login delays or automatic account lockouts after a certain number of failed attempts.
• Micromanaging Access: Assign access to systems and data on a "need-to-know" basis and regularly review user permissions. This ensures that only authorized personnel can access sensitive information.
• Immutable Backups: Traditional backups can be overwritten by ransomware, rendering them useless. Consider immutable backups, which create unchangeable copies of your data. These act as a historical record, allowing you to restore data to a clean state before the attack.
• Secure Remote Access:  If remote access is necessary, utilize secure VPN connections.

Preparing for Recovery

Even with the best defenses, ransomware can sometimes slip through. Here's how to ensure a swift and smooth recovery:

• Plan for the Unexpected: Develop a comprehensive incident response plan. This plan should outline roles, communication strategies and clear decision-making protocols in the event of an attack. Regularly test and update this plan to ensure everyone involved knows their responsibilities.
• Backup and Beyond: Regular data backups are a must. However, simply backing up data isn't enough. Store backups securely and ensure they're isolated from your main network. Test your restore process regularly to guarantee you can retrieve data quickly and efficiently.
• Assemble Your A-Team: Ransomware attacks can be a multifaceted challenge. Maintain a list of key contacts, including law enforcement, legal counsel and cybersecurity professionals. Having a team of experts ready to respond can save valuable time and resources during a crisis. Think of them as your emergency response team prepared to help you navigate the complexities of a ransomware attack.

The above strategies can significantly reduce your organization's risk of ransomware attacks. Implementing these measures is the first step towards improved cybersecurity. If you have any gaps in your current defenses or specific concerns or simply want to tackle one of these steps at a time, our team of cybersecurity professionals at CBIZ can help you navigate the process and develop a comprehensive ransomware risk mitigation strategy. Connect with our team today.

Copyright © 2024, CBIZ, Inc. All rights reserved. Contents of this publication may not be reproduced without the express written consent of CBIZ. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.

CBIZ MHM is the brand name for CBIZ MHM, LLC, a national professional services company providing tax, financial advisory and consulting services to individuals, tax-exempt organizations and a wide range of publicly traded and privately held companies. CBIZ MHM, LLC is a fully owned subsidiary of CBIZ, Inc. (NYSE: CBZ).