
Ransomware is one of the most discussed topics in the Pulse community. Over the last few months, we’ve seen an increase in questions and Quick Polls from Directors, VPs, and CxOs, primarily in the healthcare, finance, and IT industries, seeking advice from their peers on ransomware prevention methods. We asked one of our Pulse community members, Mark Thiele, who is the CEO of Edgevana, to provide his input on what organizations should be doing to prevent ransomware attacks.
Ransomware prevention tip #1: Regular training
First, Mark suggests implementing regular, mandatory training for employees across all levels of the organization on the risks associated with social engineering and fraudulent emails. A Quick Poll in our Pulse community shows that 55% of other technology leaders agree that employee education is the most critical step in preventing ransomware. Although this is a common practice, enforcing regular cybersecurity and ransomware awareness training is often not done the right way. How do you get employees to care about this type of security training?
Mark comments, “Leadership has to effectively convey the importance of maintaining security vigilance. If security is mentioned in onboarding training or maybe through a quarterly test email, then it will get the level of attention the employee thinks the business is giving it, which is not much. Create a top-down approach to how security is adopted and how the importance of it applies to building revenue, protecting the future, creating/saving jobs, and having the C-Suite directly involved.”
Ransomware prevention tip #2: Recovery plan
Next, Mark suggests ensuring that IT has a business recovery or continuity plan, which includes two broad areas: data recovery and environment.
Data recovery
In a recent poll, 83% of respondents stated their organization will likely be implementing a ransomware remediation plan over the next year. Mark emphasizes the importance of using best practices for backup retention and protection against ransomware, such as using encrypted and multi-version data backup, along with regular testing. He also stresses another common yet major security flaw: backups should not be kept on a network that could be shared with other possibly compromised networks.
Environment
Determine how quickly and effectively data can be recovered in an environment (i.e., an application on servers with a single client or hundreds of clients).
Ransomware prevention tip #3: “Destroy and replace” protocols
Although this method might not be the best long-term solution to ransomware prevention, Mark proposes developing a “destroy and replace” protocol and process for all environments. This means that everything within an environment should be destroyed: networks, servers, identity, client, images, and more.
Unfortunately, it doesn’t seem like we’ll see an end to ransomware attacks, which means ransomware prevention is going to continue to be a hot topic for the foreseeable future.