Seven Ways to Reduce Your Clients' Exposure to Ransomware Attacks

Require strong, complex user passwords that are changed at least every 90 days. Lock accounts after a set number of failed log-in attempts. Protect user systems with screen locks and automatically lock users out after a defined period of inactivity.

Eliminate most local administrative rights, applying the principle of “Least Privilege” to all systems and services. Restricting these privileges can prevent ransomware from running or limit its ability to spread through the network.

Apply sound patch management strategies to close vulnerabilities in operating systems and apps, particularly third-party applications from vendors such as Oracle (Java) and Adobe. Vulnerable applications are the target of most attacks, so ensuring the latest updates will reduce the number of entry points available to a ransomware attacker.

Enable host-based anti-exploitation features such as Microsoft Enhanced Mitigation Experience Toolkit (EMET) to monitor, log and disable processes related to common memory-exploitation techniques such as buffer-overflow attacks.

Tag all e-mails originating from outside the client organization with “[EXTERNAL]” in the subject line to thwart targeted phishing attempts that spoof the organization’s domain.

Disable auto-run features for external media and disable macros in Microsoft Office documents attached to messages from external senders. Scan all software downloaded from the Internet prior to executing.

Have an incident response plan with formally documented procedures that all of a client’s key players (management, PR, legal, etc.) are familiar with and involved in on an ongoing basis. The plan should outline specific steps to be taken when ransomware is discovered, including individual responsibilities, business-unit jurisdictions and alternate workflow contingencies.