Patrick Domingues

CYBER DEFENSE BEST PRACTICES

• Regularly back up data and verify its integrity. Ensure backups are not connected to the computers and networks they are backing up. For example, physically store them offline. Backups are critical in ransomware; if you are infected, backups may be the best way to recover your critical data.
• Focus on awareness and training. Since end users are targeted, employees should be made aware of the threat of ransomware and how it is delivered, and trained on information security principles and techniques.
• Patch the operating system, software, and firmware on devices. All endpoints should be patched as vulnerabilities are discovered. This can be made easier through a centralized patch management system.
• Ensure anti-virus and anti-malware solutions are set to automatically update and that regular scans are conducted.
• Implement the least privilege for file, directory, and network share permissions. If a user only needs to read specific files, they should not have write-access to those files, directories, or shares. Configure access controls with least privilege in mind.
• Disable macro scripts from Office files transmitted via email. Consider using Office Viewer software to open Microsoft Office files transmitted via email instead of full Office Suite applications.
• Implement software restriction policies or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders supporting popular internet browsers, and compression/decompression programs, including those located in the AppData/LocalAppData folder.
• Employ best practices for use of RDP, including auditing your network for systems using RDP, closing unused RDP ports, applying two-factor authentication wherever possible, and logging RDP login attempts.
• Implement application whitelisting. Only allow systems to execute programs known and permitted by security policy.
• Use virtualized environments to execute operating system environments or specific programs.
• Categorize data based on organizational value, and implement physical and logical separation of networks and data for different organizational units. For example, sensitive research or business data should not reside on the same server and network segment as an organization’s email environment.
• Require user interaction for end-user applications communicating with websites uncategorized by the network proxy or firewall. For example, require users to type information or enter a password when their system communicates with a website uncategorized by the proxy or firewall.