It seems like every day organizations are being hit by ransomware. In addition to ruining data, many ransomware organizations have taken it upon themselves to publish the data that they steal. How do you protect your business from ransomware and keep your data from these organizations while keeping your IT budget under control? Read on for our tips on protecting your data from malicious actors.
We understand that improving security measures on your network overall is a good way to stop malicious attacks; however, in this post we are going to assume you couldn’t stop the attack. What things, if you had done them beforehand, would minimize the impact of the attack?
Keep data offline
Critical data files can’t be stolen or encrypted if that data does not have a path (direct or indirect) to the internet. What does this mean?
Keep archive data offline. Do not store data on servers or systems that have access to the internet. Does your data really need to be stored in the cloud? Where possible, take your data offline and store it on a hard drive or other media in your safety deposit box at your bank (preferably in 2 separate banks). Not only will you protect it from outside parties, but you’ll find your cloud storage costs are reduced.
While this doesn’t seem like a solution, especially in this day and age of hyper data accessibility and cloud services, it certainly is effective at keeping your data protected and out of the hands of malicious actors. Remember, balancing accessibility and security is a tightrope.
Patent information, trademarks, tax data, specifications and work on past projects can all be archived offline. Don’t forget about your email. Email past a certain date threshold, or meeting other criteria, should also be removed from online mailboxes and archived.
Consider implementing a data retention policy
Data retention policies define how long you can keep data, when it should be destroyed and how to determine that.
Organizations often fail to take the step of deleting data that is no longer required. As a best practice and to protect your organization and your customers, data that has been held in excess of the retention period must be deleted.
Standards such as PCI DSS and GDPR govern data retention, and they state that data should be deleted when it is no longer in use. Often people think that holding on to data is more secure than requesting it again. But it’s not. Is putting all the money you’ve ever earned in your wallet more secure than placing that money in the bank and only withdrawing what you need?
If you hold on to data since the beginning of time, the reward for ransomware actors, and their demands on your organization, can be substantial.
PCI DSS and GDPR standards exist to protect private data and keep it from malicious individuals. Even if you’re not governed directly by these standards, following them is in your company’s best interests. We recommend you create a data retention policy and ensure that your IT team and staff follow it.
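A retention policy only helps if someone checks the file store against it. The following is an added example, not part of the original post: a report-only Python sweep that lists files held past their retention period. The folder names and retention periods are hypothetical placeholders, not values taken from PCI DSS or GDPR.

```python
import time
from pathlib import Path

# Hypothetical policy: top-level folder name -> retention period in days.
# Replace with the periods your own retention policy defines.
RETENTION_DAYS = {"invoices": 7 * 365, "email-archive": 3 * 365, "project-files": 5 * 365}


def find_expired(root, policy=RETENTION_DAYS, now=None):
    """Return (expired, unclassified) lists of files under root.

    expired: files last modified longer ago than the retention period
    of the top-level folder they live in.
    unclassified: files in locations the policy does not cover, which
    would otherwise be kept forever without anyone deciding to.
    """
    now = time.time() if now is None else now
    root = Path(root)
    expired, unclassified = [], []
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        category = path.relative_to(root).parts[0]
        days = policy.get(category)
        if days is None:
            unclassified.append(path)
            continue
        age_days = (now - path.stat().st_mtime) / 86400
        if age_days > days:
            expired.append(path)
    return expired, unclassified


if __name__ == "__main__":
    import sys
    # Report only: nothing is deleted, so the list can be reviewed first.
    expired, unclassified = find_expired(sys.argv[1] if len(sys.argv) > 1 else ".")
    for p in expired:
        print("EXPIRED     ", p)
    for p in unclassified:
        print("UNCLASSIFIED", p)
```

The sweep uses the last-modified time as the age of a file; if your policy counts from another date, such as the end of a customer relationship, that date has to come from your own records.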
Encrypt your data
If you can’t keep your data offline, store your data in systems that allow it to be encrypted at rest. This might not prevent you from losing access to your data if ransomware strikes, but it does prevent it from being stolen and used by those same people.
Ask your IT team whether your data is encrypted natively by the system you use to access it. Our Nextcloud service encrypts data in transit as well as at rest. Your backup software should do this as well. We use Duplicati, but products from Veeam and Acronis also offer encrypted backup storage.
It’s important that keys for decryption are stored separately and are inaccessible.
Keep current backups and keep them inaccessible
Keeping backups won’t stop a ransomware attack, but it does mean you can recover from one. Pair this with encrypting your data and you’ve effectively eliminated the leverage that a ransomware actor has over your company. If they can’t use the data that they steal and if you can recover without paying the ransom, they’ll be wasting their time.
Keeping backups offline doesn’t necessarily mean automation cannot work. What it means is that malicious code cannot directly reach those files.
Your backup software should connect to the data store directly instead of using a mapped drive. A good example of an implementation is how Veeam uses cloud repositories and stores user credentials for access to those files. Duplicati also directly connects to the endpoint and does not rely on mapped network shares/drives.
Additionally, don’t forget to test your backups regularly.
Improve Network and Device Security
This topic is broad and covers how to prevent the attack in the first place. However, this is out of scope for our post, so we’ll not be covering it here. Please note that improving security overall on your network can stop ransomware and hacks, but if you are hacked, the tips above will minimize and possibly negate the damage.
Protect your business from ransomware by minimizing the impact of ransomware to your data. Ensure you keep archive data offline and inaccessible. Protect online data by developing a data retention policy and enforcing it. Encrypt your data at rest and in transit. Store your encryption keys separately, and keep current encrypted backups. Test your backups.
Our last tip: To protect your business from ransomware, be sure to run scenarios with your IT team. Make the assumption that the malicious ransomware team breached your defenses. What steps have you taken that will protect your data in that scenario?