Update software and operating systems with the latest patches.
One of the simplest yet most effective measures against ransomware is regularly updating your software and operating systems with the latest patches since cybercriminals often target outdated applications and systems. Keeping your systems up to date ensures security gaps and vulnerabilities are patched, making it much harder for attackers to find a way in.
Routine scanning can help identify vulnerabilities in your systems and applications before attackers can exploit them.
Never click on links or open attachments in unsolicited emails.
Phishing emails are a common tactic used by cybercriminals to trick users into clicking on malicious links or downloading infected attachments. It’s essential to verify the sender and email content before clicking links or downloading files. If you ever receive an email from an unknown sender or a source you don’t recognize, it’s best to delete it immediately and warn your colleagues.
Back up data regularly on a separate device and store it offline.
Regularly backing up your data is an essential precaution to minimize the risk of data loss due to ransomware. Keeping a copy of your data on a separate device and storing it offline will help you recover your data after a ransomware attack. It is also crucial to test your backup system regularly to ensure the data can be restored when needed.
Network monitoring involves watching your network for suspicious activity and responding to any detected threats.
Follow safe practices when using devices that connect to the internet.
Safe practices when using devices that connect to the internet include:
· Avoiding public Wi-Fi networks.
· Not downloading files from untrusted sources.
· Ensuring your firewall is turned on.
· Use a secure web-browser.
Security awareness training.
Regular security awareness training can help educate your employees to identify and avoid phishing emails and other common cyberthreats. 88% of all breaches have a human element, and 80% of organizations who implemented security awareness training saw a decrease in phishing vulnerabilities within 12 months (Proofpoint 2021)
Anti-phishing and email security protocols and tools.
These can include email filters that can help block malicious emails before they reach your inbox. For those emails that do manage to slip through, this is where your security awareness training will pay off.
Strong password policies and good password hygiene.
This involves implementing password policies that require users to create strong, unique passwords and regularly change them. Opting for password-less passwords, 2FA, or using a password manager can all add a layer of defense to your confidential information.
Endpoint detection and response (EDR / XDR).
EDR focuses on monitoring endpoints, such as desktops, laptops and mobile devices, for suspicious activity and responding to any detected threats.