Six Smart Cybersecurity Practices to Help Protect Your Organization from Ransomware

Did you know the average cost of remediating a ransomware attack on a business more than doubled in the last 12 months? Shocking new findings reported by Sophos in their State of Ransomware 2021 global survey finds remediation costs, including business downtime, lost orders, operational costs, and more, grew from an average of $761,106 in 2020 to $1.85 million in 2021 — and the year is not over. The average downtime a company experiences after a ransomware attack is a catastrophic 21 days (Coveware, 2021).

The world has seen a surge of ransomware attacks since 2015 with no end in sight. It is more important than ever to prioritize cybersecurity in your business.

What is Ransomware?

A ransomware attack is a type of cyber warfare that encrypts a business’s critical data and makes it inaccessible until a ransom is paid. Finance and banking operations are particularly desirable targets, along with health care and critical infrastructure. However, all industries are attacked, and vulnerable if not prepared.

Cybersecurity is a top priority for all the industries PayQuicker serves and we employ security experts whose focus is to defend against attacks and lower risk. In this article, PayQuicker Senior Security Engineer, Christian Foster, will explain what ransomware attacks are, and offer six smart cybersecurity practices to handle the growing threat.

Six Smart Cybersecurity Practices to Protect your Organization from Ransomware:

1. Data Backup and the 3-2-1 Rule
2. Scripting Control on Endpoints
3. Multi-Factor Authentication
4. Security Awareness Training
5. Email Controls
6. Incident Response Plan

---

1. Data Backup and the 3-2-1 Rule

A critical practice that helps protect your organization from the devasting downtime caused by any disaster including being victimized by a ransomware attack is what is known as the “3-2-1 rule”. The 3-2-1 rule ensures that a backup of data is available if critical data is held hostage in a ransomware attack.

3-2-1 Rule: Ensure you have:

1. No fewer than three copies of your data, on
2. at least two different types of media, plus
3. one backup that is kept off-site.

Diligently following the 3-2-1 Rule ensures your critical data is available to run your business regardless of an attack. 

2. Scripting Control on Endpoints

In today’s threat landscape, scripts provide initial access, enable evasion, and facilitate lateral movements post-infection. Scripts provide a way for attackers to avoid making the changes that endpoint security products detect in a file-based attack, thus bypassing the threat detection capabilities of most commercial protection products.

Since 2017, successful endpoint attacks have increased significantly according to the 2020 Endpoint Security Report from Ponemon Institute. According to the report, the percentage of respondents reporting that their organizations experienced an endpoint attack that compromised data assets and/or IT infrastructure increased from 54 percent in 2017 to 68 percent in 2019. Script-based attacks account for 40% of all cyberattacks according to the same study.

Applications lacking scripting control fail to prevent or detect network or host scripts from running. These will not be helpful in the event of an attack, and attackers could use things like PowerShell to automate their attacks.

There are two general approaches to endpoint protection: (1) traditional (signature based), or (2) modern (behavior-based). While there are pros and cons to both, it is strongly recommended that companies use a modern, behavior-based solution with second generation detection.

3. Multi-Factor Authentication

Multi-factor authentication (MFA), an enhanced security mechanism, became wholly mainstream in 2020 when companies across all industries relied on remote workers to deliver their products and services. Workers, stakeholders, and clients needed access to business services and data through the cloud.  

MFA is a secondary security checkpoint that crosses mediums for attacker infiltration. Simple and phenomenally effective, MFA remains an absolute must in any organization’s cybersecurity plan. MFA is effective not just at preventing ransomware, but a slew of other types of attacks as well. Google reports that even the basic forms of two-step verification, sent through an app or SMS text messages, can stop 100% of automated attacks, 96% of phishing attacks, and 75% of targeted attacks.

PayQuicker offers two-step verification functionality to all clients and account holders requiring a password and a verification code (sent via an app or SMS) when logging into their account. This ensures authorized use, and access to funds and sensitive account information.

The most common threat and failure of MFA is user-error, specifically when a user passes the code or token along to a third party. Cybercriminals can bypass MFA by simply asking the user to read it to them, which leads into the next section.

4. Security Awareness Training

Employees are the first line of defense and often the weakest point of entry into an organization’s vulnerabilities. It is important to educate all users about various threats. 

Training topics:

• Regularly review the risks of USB drives, online links, and other methods of spreading malware.  
• Train employees and contractors on how to identify red flags, remain vigilant against potential threats, and provide resources for action if security issues arise.
• Conduct frequent and regular employee security awareness training including testing and real-world scenarios.  Measure employee responses to identify gaps.
• Execute regular social engineering and/or email phishing campaigns to further identify educational gaps. Provide additional training when appropriate to fill gaps.
• Implement password management policies and systems including:
  • Random password generation systems and automated password rotation on every account and device.
  • Strong passwords randomly generated or created by a combination of lower-case and capital letters, characters (#), and numbers, or password phrases.
  • Unique passwords for each account and avoid using the same password for multiple accounts.
  • Do not use passwords with any personal identifying information such as: date of birth, addresses, family, pet, or business names, personal interests, etc.
  • Store login credentials securely.  Avoid storing on paper or on a connected device that can be a hacking target.

5. Email Controls

There was a 64% increase in malicious email attacks in 2020 as cyber criminals took advantage of the rise in digital activity driven by new social engineering and remote work realities, detected by the Mimecast Treat Center. Email security is an important part of continuous improvements to your cyber resilience strategy, especially in a post-COVID world.

Using tools like Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) can greatly improve the integrity of your emails, or at least make it more obvious when the integrity is broken. Most of these programs are free to implement within your existing email platform, removing one of the typical barriers to implementation.

The notable exception to what these frameworks can prevent is Business Email Compromise (BEC), in which malicious emails are sent from the legitimate email of the business. In these cases, only trained and vigilant employees can raise the red flag as previously discussed in Section 4 — Security Awareness Training.

6. Incident Response Plan

Finally, make sure that your company has an incident response plan (IRP) if the worst should happen. Consider including the following elements in your IRP:

• Incident response team including technology, legal, compliance, and communications experts, and roles and responsibilities for each team member
• Business continuity plan
• Outline of the systems, tools, technologies, processes, and physical resources that must be in place for business operations
• List of critical network and data recovery processes
• Legal representation to ensure all legal obligations are met
• Compliance representation to ensure all regulatory obligations are met
• Communications resources and guidelines for both internal and external information flow

In summary, these six smart cybersecurity practices do not guarantee that ransomware will not hit your company. However, having these protocols in place, and ensuring they are well-executed, will significantly reduce the risk and subsequent cost of ransomware attacks.

---