October 25, 2021 | Brian Anderson

How to Protect from Ransomware Attacks: 7 Top Tactics

They say an ounce of prevention is worth a pound of cure, and when it comes to the latest security approaches for ransomware attack protection, it couldn’t be truer. If you’re looking for the best way to defend against ransomware, malware that encrypts important files until the victim pays the ransom, this guide will go over the most common methods. And remember, one measure is good, but a layered approach is best. 

Best preventative practices for ransomware attack protection

Multi-factor authentication

Security is cumulative. When you employ multi-factor authentication, you bring an extra step of security to the login process. Your users will need a second device, such as a phone or an authentication key, to confirm their login credentials. 

Traditional multi-factor authentication (MFA) can take some time to deploy and be costly without an outsourced service. Using a cloud-based MFA service means a faster setup at a more affordable price. 

TierPoint offers multi-factor authentication services to fit different levels of security needs. Our CleanIP Managed Multi-Factor Authentication service, powered by DUO, helps protect every user with an easy and reliable cloud-based experience. Users and admins can receive push-based notification approvals, with support available for smartwatches, smartphones, and U2F tokens. 

For organizations with more stringent security concerns, TierPoint’s CleanIP MMFA Advanced service offers a souped-up version of our standard solution, providing information on security hygiene of all devices, phishing vulnerability, possible software updates, location, and network data, and more. MFA can be of service, whether your main priority is security, ease-of-use, or assessing vulnerabilities.

WAF

A web application firewall, also known as a WAF, serves as an additional source of protection from inevitable human error in software development. No program is airtight or perfect, and not all vulnerabilities get caught immediately, especially with a newer application. A WAF works by protecting your data until the vulnerability can be fixed. If you have ever arrived on a site and it took a moment to confirm that you were a human using the page, you have likely interacted with a WAF that was assessing you.

If your business deals in any personally identifiable information (PII), or is subject to additional regulatory or industry compliance standards, you should definitely be using a web application firewall. Even if regulation doesn’t demand it, the cost of accidentally compromising data can be so steep that it is often worth it to use a WAF proactively.

One thing to keep in mind with web application firewalls is that sometimes they can work too well. To manage one correctly, you need to be able to discern the difference between legitimate blocks and false positives.

Access control

Even if you have a fairly flat and transparent organization, chances are there are some resources you’d like to limit to specific audiences. Access control determines who can and can’t view certain resources available in your computing environment. Whenever you limit access to only the users who truly need a certain functionality, you are mitigating risk for your business.

Access control can involve physical limits, such as providing access to specific rooms or physical assets, as well as logical limits, which govern who can access certain important files or networks.

Authentication for access control can be done in a few ways, including:

  • Passwords
  • Personal identification numbers (PINs) 
  • Biometric scans
  • Security tokens

Endpoint protection

Endpoint protection goes hand in hand with many of the preventative measures listed here. It is a broad term for solutions that protect endpoints, the devices connected to an organization’s network, and ensure that a certain level of security is met. This could include:

  • Role-based access 
  • Blocked websites
  • MFA
  • Data encryption 
  • Antivirus
  • Threat detection 
  • Device patching
  • Secure email 

Threat intelligence and XDR

The goal of extended detection and response, or XDR, is to collect and analyze data to determine potential threats in advance. XDR will paint a broad picture of security threats by pulling data from components such as cloud workloads, edge routers, databases, network traffic, and system events. Instead of pooling resources from several different threat detection tools, XDR consolidates and streamlines these efforts, and may also be able to integrate with cybersecurity products and services already being used by the business.

More importantly, XDR can help better identify what is and isn’t a potential threat, saving you the time of chasing down and investigating every false alarm that might get reported by a more sensitive and less precise tool.

Next-gen firewalls

As the name implies, next-generation firewalls go beyond traditional firewalls by bringing more than just basic packet and URL filtering to the table:

  • Malware filtering
  • Network intrusion detection
  • Web application protection 
  • Website blocking

This can provide a strong line of defense for any size business, serving as a comprehensive solution for smaller businesses that can’t afford enterprise services, or as a part of a bigger plan for larger organizations.

While some IT professionals shy away from next-gen firewalls out of fear that they will be too difficult to deploy or are too much for their needs, today’s solutions are easier to deploy and configure than they were even a few years ago. Many can also scale up, adding new features after initial deployment at your own pace. By doing this, IT professionals can use the information coming in to decide which features to employ next.

Security awareness training and programs

One of your best resources to prevent ransomware attacks comes from your users. The better you understand their cybersecurity strengths and weaknesses, the more you can tailor training to improve their knowledge and protect them from attacks and an infected system. 

Onboarding of new team members should include a training program that covers how to identify ransomware and protect against it. But it’s not enough to perform training; you also need to test that training. Send out spoof emails that look like ransomware requests. Any users who click on suspicious links in these spoof emails should be automatically enrolled in additional training.

It’s important with awareness and training programs to be consistent. This isn’t a “one-and-done” program. Continue to train users as new security threats emerge, and work on improving your user vulnerability scores.

XDR can help you protect against ransomware

Ransomware is an ever-evolving threat to the security of your business. Because ransomware attacks are sophisticated and dynamic, they require an advanced tool to continue to identify them and protect your organization. The best way to guard against any type of ransomware is by stopping it before it leads to encrypted files.

Even with all of the preventative measures shared above, the most effective security comes from a tool that can identify threats long before they reach your end-users or operating systems. To do that successfully, you need an intelligent and adaptable XDR solution.

Learn more about our Extended Detection and Response (XDR) solutions. 
