How to keep your hybrid workforce safe in three easy steps

How to keep your hybrid workforce safe in three easy steps

Rick Vanover, Senior Director of Product Strategy, Veeam, and Anthony Spiteri, Senior Global Technologist, Veeam, outline three crucial steps for ransomware resilience.

As Australia’s remote workforce continues to navigate the changing restrictions, IT departments are under growing pressure to keep employee data safe while outside an organization’s physical boundaries.

With many companies structuring their workforce around a model that accommodates around 30% remote workers, few were prepared for the jump to 100%. While this transition brings a wave of opportunity for organizations and employees, it also opens new doors for bad actors to capitalize on strained IT departments who have taken on additional responsibility to ensure sensitive data remains secure, whether on or off the corporate network.

While threats to company data range in attack method, ransomware continues to be one of the most prominent risks known to Australian organizations. Most recently, Telstra’s 2019 Security Report revealed that Australian organizations disrupted by a security breach in the previous 12 months could attribute 81% of these attacks to ransomware.

With this in mind, it is important that companies focus on acknowledging this threat and deploying strategies to prepare, defend and repair incidents, before adapting to a hybrid workforce model. This process will prevent organizations from falling victim to attacks where data loss or ransom payment are the only unfortunate options.

To win the war on ransomware, organizations should incorporate a plan for IT organizations that ensures they have the resilience needed to overcome any attack. Let’s explore three crucial steps for ransomware resilience in more detail.

Education not reaction
After threat actors are identified, education should be the first step taken on the path towards resilience. To avoid being caught in a reactive position, should a ransomware incident arise, it’s important to understand the three main mechanisms for entry: Internet-connected RDP or other remote access, phishing attacks and software vulnerabilities.

Once organizations know where the threats lie, they can tactfully approach training with strategies to refine IT and user security, putting additional preparation tactics in place. Identifying the top three mechanisms can help IT administration isolate RDP servers with backup components, integrate tools to assess the threat of phishing attacks to help spot and respond correctly, and inform users on recurrent updates to critical categories of IT assets, such as operating systems, applications, databases and device firmware.

Additionally, preparing how to use the ransomware tools in place will help IT organizations familiarize themselves with different restore scenarios. Whether it be a secure restore process that will abort when malware is detected or software that can detect ransomware ahead of restoring a system, the ability to perform different restore scenarios will become invaluable to organizations.

When an attack does happen, they will recognize, understand and have confidence in the process of working towards recovery. By taking the education aspect of these steps seriously, organizations can decrease the ransomware risks, costs and pressure of dealing with a ransomware incident unprepared.

Back-up to maintain Business Continuity
The implementation of a reliable backup solution is a critical component of ransomware resiliency and its use is key to maintaining strong Business Continuity. Organizations need to have a reliable system in place that protects their servers and keeps them from ever having to pay to get their data back. Consider keeping the backup server isolated from the Internet and limit shared accounts that grant access to all users. Instead, assign specific tasks within the server that are relevant for users and require two-factor authentication for remote desktop access.

Additionally, backups with an air-gapped, offline or immutable copy of data paired with the 3-2-1 rule will provide one of the most critical defenses against ransomware, insider threats and accidental deletion.

Furthermore, detecting a ransomware threat as early as possible gives IT organizations a significant advantage. This requires tools in place to flag possible threat activity. For endpoint devices displaced remotely, backup repositories that are set up to identify risks will give IT further insight into an incredible surface area to analyze for potential threat introduction.

If implementations don’t prohibit attacks, another viable option is encrypting backups wherever possible for an additional layer of protection – threat actors charging ransom to prevent leaking data do not want to have to decrypt it. When it comes to a ransomware incident, there isn’t one single way to recover, but there are many options aside from these that organizations can take.

The important thing to remember is that resiliency will be predicated on how backup solutions are implemented, the behavior of threat and the course of remediation. Take time to research the options available and ensure that solutions are implemented to protect your company.

Prepare to restore in the event of an attack
Though Australian businesses are some of the best in the world at implementing preventative measures, as a nation we must equip ourselves with the tools needed to remediate a threat if introduced. Layers of defense against attacks are invaluable, but organizations need to also map out specifically what to do when a threat is discovered.

Should a ransomware incident happen, organizations need to have support in place to guide the restore process so that backups aren’t put at risk. Communication is key, having a list of security, incident response, and identity management contacts in place if needed – inside the organization or externally – will help ease the process towards remediation.

Next, have a pre-approved chain of decision makers in place. When it comes time to make decisions, like whether to restore or to fail over company data in an event of an attack, organizations should know who to turn to for decision authority. If conditions are ready to restore, IT should be familiar with recovery options based on the ransomware situation.

Implement additional checks for safety before putting systems on the network again – like an antivirus scan before restoration completes – and ensure the right process is underway. Once the process is complete, implement a sweeping forced change of passwords to reduce the threat resurfacing.

The threat that ransomware poses to organizations both large and small is real. While no one can predict when or how an attack will happen, IT organizations that have a strong, multi-layered defense and strategy in place have a greater chance for recovery. With the right preparation, the steps outlined here can increase any organization’s resiliency – whether in office, remote or a combination of the two – against a ransomware incident and avoid data loss, financial loss, business reputation damage or more.

Browse our latest issue

Intelligent CISO

View Magazine Archive