Ransomware is a very scary thing for community banks. I have a couple clients that have had to go toe-to-toe with it and were fortunate enough to have solid backups for recovery.
Sophos wrote an article on how good your prospects were if you DIDN'T have good backups to recover to from a ransomware attack and the outlook is bleak.
BUT, they did include preventative measures that we can all take to avoid that situation altogether. I've summarized them below:
- First and Foremost: Have a good offsite backup strategy. Take time to regularly review what systems are backed up and is it frequent enough? How much data can you stand to lose if you did have to recover from a backup?
- Don't enable macros in attachments received in email. Train your users: If a file asks for macros to run, stop there and contact an information security team member for help.
- Don't open attachments you are not expecting. - self explanatory
- De-privilege your users - This means removing local admin rights from your users and limiting the use of admin accounts for IT staff. This is difficult for some users to swallow, and it can be some work to implement. BUT I can tell you first hand that this will greatly improve the overall security of your network.
- Patch, Patch, Patch - You need to have a patch management program in place for both Windows and 3rd party applications.
Read More on the Author's Website...