Step One of Ransomware Removal: Educate Your Users
Step one to ransomware removal? Don’t fall victim in the first place. That starts with educating users. Not to be glib about it, but any security expert will tell you the weakest point in any network sits behind the keyboard.
If you’ve succumbed to a ransomware attack, do not worry and, more importantly, do not pay the ransom. There are plenty of ransomware removal tools that will help you out of this jam. The best tool at your disposal is a fresh backup of critical data—learn more on how to wipe out ransomware by restoring your backup copy.
Let’s step back a moment to talk about the best defense against ransomware: educating your personnel.
Training users to identify phishing attempts strikes the heart of the number one cause of ransomware infections—clicking bad links and inadvertently handing over sensitive logon credentials.
A couple of great ransomware prevention resources for getting started
10 Training Tips for Conducting an Anti-Phishing solution: This article goes into depth about what to do, and what not to do, when coaching up your staff to sniff out malicious e-mails.
A quick summary of the article:
- Don’t blindside users with training, but don’t be obvious about it either.
- Get buy-in for the training from the top-down. If WikiLeaks taught us anything, it’s that the boss is as liable to get phished as anyone.
- Beware how much clicking users have to do when going through training; remember, you’re coaching them NOT to click.
- Make sure you’re tracking results. This way, you know if the training is effective. Be able to show that staff clicked XX% fewer bad links after training, or something along those lines.
The article linked above goes more in-depth about how to train your users to spot and avoid ransomware links.
Another great resource comes courtesy of a one-man IT dynamo named Rocky Lott, who manages small enterprise security for a company in North Texas.
As he realized last year, one downside of third-party user training programs is that they can get pricey. So Mr. Lott applied a bit of ingenuity and worked up his own free anti-ransomware user training. He talked me through how a company can do that for itself in a straightforward, inexpensive manner.
The resultant article, How to Set Up Free Anti-Phishing Training, guides users through this process. Topics covered include:
- Why a company should have a UTM device. Learn why site-to-site VPN and SSL-VPN support is critical so that remote workers can connect securely to office infrastructure.
- How to effectively communicate new ransomware threats to users as they are discovered.
- How the IT team measured the rate of users clicking on bad links, which was reduced three-fold as a result of anti-ransomware training.
- The source code for the free deployment and tracking software.
Set up and configure hardware for ransomware prevention
User training is the critical first step, but it must be backed by tools to flag threats—learn more about data protection tools that your company can employ to thwart and quarantine ransomware and other forms of cybercrime.
- Business-grade routers with stateful packet inspection (SPI) features are recommended for a company with 10-25 seats.
- Next-generation firewalls or a UTM should guard a network for medium-sized infrastructure. With these tools, staff can enable strong spam filters and authenticate emails entering the domain using technology like Sender Policy Framework (SPF).
- Host antivirus and antimalware software on server hardware so that updates are easily rolled out to all endpoints on the network. Additionally, make sure IT keeps operating systems and other software updated with the latest patches.
- Use Active Directory features in server software to manage the use of privileged accounts, and be frugal with administrative access.
A trained and vigilant user set is the first and most critical part of defending your company network against malicious takeovers of IT infrastructure. Ransomware prevention and removal requires smart tools and hardware configurations, and a savvy staff that is able to spot suspicious links and avoid clicking on them.