Ransomware Risk Mitigation Part 1

This is the first blog in a three-part series on ransomware risk mitigation. Every business and organization, regardless of size, must constantly protect itself against ransomware attacks. Our three-part series covers a number of steps an organization (and its IT organization) can take to reduce the likelihood of suffering a ransomware attack in the first place, along with some strategies for recovering from one.

Enable Multi-Factor Authentication (MFA)

Multi-Factor Authentication is a method of verifying a user’s identity with two separate proofs when logging into corporate resources. For instance, when logging into email on the web, the user first enters their user ID and password, then the system prompts them for a second response, usually through an app on their phone or a text message. This second step ensures that even if a hacker has procured the user’s password, they are still unable to reach your computer resources, because they do not physically have access to the user’s cell phone.

The process for enabling MFA can range from simple (Office 365) to advanced (Windows Network Logins), depending on the method of MFA and the systems it will be protecting. Our recommendation and best practice is to enable MFA on every product or account that offers it. The most vital systems to enable MFA on are web mail (email), VPN and Remote Desktop connections, and any account that has administrative access to business systems.

Enable Robust Spam Filters

Enabling a robust spam filter is a key ransomware risk mitigation step. Since many ransomware attacks are delivered via phishing emails, spam filters aim to block those phishing emails before they reach an end user’s inbox.

You can enable advanced spam filters in several ways:

  1. Install additional software on each computer in your environment.
  2. Subscribe to and enable internet-based filtering, such as Securence.
  3. Subscribe to and enable mail system-based filtering, such as Microsoft Advanced Threat Protection for Office 365.
  4. Purchase and deploy a hardware device designed specifically to filter email.

Implement and Maintain End User Security Training

While there are many technical items on this list, the most straightforward and easiest to implement is to train your staff on how to identify and handle phishing emails and other security risks. While some organizations will conduct staff-led training, we recommend subscribing to and implementing a monthly end user security training program. Monthly training developed and managed by an IT professional ensures that training is always fresh in the user’s mind and is up to date on the latest trends in phishing.

Most IT end user security training programs are internet-based and perform several important functions:

  1. Monthly security awareness training for each end user. Most systems can track training progress and notify systems administrators if staff are falling behind on their training.
  2. Monthly phishing awareness testing. The program sends simulated phishing emails to staff to confirm that training is effective and that users are always on the lookout for phishing emails. If a user fails a test, administrators are alerted and extra training can be assigned.
  3. Pre-built security awareness training campaigns. These are designed for group sessions when it makes sense to train several staff members at once. For instance, if you have several field-based staff members (say, at a road construction company), training them all at once might be a good plan.

Many insurance companies and regulatory agencies are now requiring a fully implemented end user security training program. Others will provide discounted premiums to those with implemented training programs. Either way, deploying an effective training program is a critical part of your overall security program.

Next week we’ll be continuing our list of ransomware risk mitigation steps you and your staff can take to make sure your business, employees, and clients are protected against ransomware attacks.

This week’s post is by Tim Malzahn, Principal Consultant at Malzahn Strategic