With the recent WannaCry ransomware attacks, endpoint security is at the top of everyone’s mind. Soon enough, there will be another malware variant with another catchy name. These attacks are not limited to large corporations; every computer on the web is vulnerable.
How can you protect your organization? Here are three simple ways to help keep ransomware off your network in the first place and to limit the damage done by any attack that does get through.
While technical solutions leap to mind for many people, I would suggest looking at the end user first. Just a little social engineering or cyber trickery on a user, and an attacker has a foothold inside your virtual environment. Even the most seasoned IT professional can absent-mindedly click on a link in an email without thinking about it first.
Another strategy attackers use to get inside your network is to load self-launching software on USB drives and leave them in convenient locations for employees to find. Who can pass up a free USB drive, right?
How can we harden the human component of our security plan? The short answer is training. We all know that it is easier said than done, especially given our limited resources and the increasing demands on those resources. However, training can be as simple as a monthly security newsletter — provided that it is both interesting and informative. Or try a recorded video blog that highlights threats and how to avoid being “that guy who infected the network.”
The second step is to limit user permissions. If your users don’t have permissions to make changes, then many attacks will not be effective, even if users fall for some attackers’ tricks. Users cannot, either accidentally or maliciously, change things they don’t have permissions to access.
Of course, users sometimes have a legitimate need to make changes, such as installing printer drivers or some client software. How can you balance the need for security against the need to ensure users can do their jobs? By following the principle of least privilege, which ensures that each user has exactly the permissions they need to do their job, no more and no less.
Quest Privilege Manager can help you establish and maintain a least-privilege environment, so you can secure your environment while ensuring users can access the resources they legitimately need.
The last of our three steps is to ensure that patching is completed regularly, since many attacks target OS and application vulnerabilities. Many people remember to patch their operating systems but fail to recognize that keeping third-party applications up to date is just as important.
Whether you choose native tools or third-party solutions to help, being consistent and timely with your methodology is critical. In enterprise environments, it is especially important to have a methodical plan for patching and testing. Ideally, your patch management solution will let you regulate when a patch is deployed, but still allow the end users some flexibility to delay the patching for a short time if needed. You also need a way to confirm that all the devices in your network are indeed patched and secured. The KACE Systems Management Appliance can automate these tasks, and many more.
Following these three best practices can take you a long way toward protecting your network — and your organization itself — from ransomware and other forms of malware. No matter which strategies you decide to employ or how complex your organization’s needs may be, we at Quest will be there for you.