The Biden administration on Wednesday urged private U.S. companies to take five key steps to protect against ransomware. These are the best practices most likely to reduce an organization’s risk of succumbing to a ransomware attack.
Our clients are very familiar with these five steps. They are:
- Back up your data, system images, and configuration. Regularly test those backups, and keep offline copies of your backups. Criminals can’t encrypt what they can’t reach.
- Update and patch your systems promptly. A centralized patch management system is best.
- Test your incident response plan. Be able to answer whether you can continue operating without access to critical systems, such as billing or payroll.
- Use a third-party penetration tester to check your security measures and your ability to defend against sophisticated attacks.
- Segment your networks. Does everything need to be connected to everything else? If you have your network segmented, it stops or slows the spread of malware.
One of the key measures missing from this request is multi-factor authentication, which can stop attacks more than 90 to 95 percent of the time. However, President Biden’s May 12 cybersecurity executive order does require U.S. government agencies to implement both multi-factor authentication and data encryption (at rest and in transit).
You can see the White House letter “to Corporate Executives and Business Leaders” here.
Biden’s Executive Order on Improving the Nation’s Cybersecurity is here.
We offer cybersecurity consulting, including Risk Assessments and penetration tests, and we are very familiar with the NIST Cybersecurity Framework, one of the gold standards for protection out there.
It is a cyber war out there. We’re here to arm you with the very best security measures.
Talk with us if you need help implementing the strongest protections possible.