1. Assume you will be hit. No one is invulnerable to a ransomware attack. Denial is not defense. Better to be prepared and not attacked than attacked and not prepared.
2. Backup. Backups are the best way to recover your data after an attack (other than paying a ransom). The industry-standard approach is 3-2-1: 3 sets of backups, on 2 different types of media, with 1 set kept offline.
3. Layered protection. The best way to defeat a ransomware attack is to prevent it. Layered protection blocks attackers at as many points as possible across your network. Eliminate single points of failure (i.e., any defense whose breach would render all other defenses useless).
4. Defense in Depth. Layered security that includes technology solutions as well as personnel and policy solutions. Technology automates detection, but cyber expertise is needed to recognize other signs of an attack. (Outsource if necessary to cover monitoring, training and incident response.)
5. Don’t pay the ransom! While it may seem like the quickest way to return to normal operations, you may not regain your data. Additionally, studies show that, on average, adversaries will restore only two-thirds of your files.
6. Have a plan. An incident response plan that is prepared in advance will keep a cyber attack from becoming a disaster. Make sure your employees know what to do, who to call, etc.
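The 3-2-1 rule from item 2 is easy to state and easy to drift away from as backup jobs are added or retired. The following added example (not part of the original list) evaluates a backup inventory against each of the three conditions and reports which one fails. The inventory records, the media names and the `offline` flag are constructed for illustration; the script counts backup copies only, not the production data itself, matching the list's wording of "3 sets of backups".

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    """One backup set. 'offline' means unreachable from the production network
    (air-gapped tape, disconnected drive, or an immutable/locked vault)."""
    label: str
    media: str      # e.g. "disk", "tape", "cloud-object-store"
    offline: bool


def check_321(copies):
    """Evaluate the 3-2-1 rule over a list of BackupCopy.

    Returns a dict mapping each condition to (passed, detail) so a failing
    inventory shows exactly which condition is not met."""
    media_types = {c.media for c in copies}
    offline = [c.label for c in copies if c.offline]
    return {
        "3_copies":  (len(copies) >= 3,      f"{len(copies)} backup copies"),
        "2_media":   (len(media_types) >= 2, f"media types: {sorted(media_types)}"),
        "1_offline": (len(offline) >= 1,     f"offline copies: {offline}"),
    }


def is_321_compliant(copies):
    """True only when all three conditions hold."""
    return all(passed for passed, _ in check_321(copies).values())


def failing_conditions(copies):
    """Names of the conditions that are not met, for a report or alert."""
    return [name for name, (passed, _) in check_321(copies).items() if not passed]


# Constructed sample inventories (not real systems).
COMPLIANT = [
    BackupCopy("nightly-snapshot", "disk", offline=False),
    BackupCopy("weekly-tape",      "tape", offline=True),
    BackupCopy("cloud-vault",      "cloud-object-store", offline=False),
]

# Two online copies on the same media type: ransomware that reaches the
# file server can encrypt both, and nothing satisfies the offline condition.
NONCOMPLIANT = [
    BackupCopy("nas-mirror-a", "disk", offline=False),
    BackupCopy("nas-mirror-b", "disk", offline=False),
]

if __name__ == "__main__":
    for name, inventory in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(f"{name}: compliant={is_321_compliant(inventory)}")
        for rule, (passed, detail) in check_321(inventory).items():
            print(f"  {rule:10} {'ok  ' if passed else 'FAIL'} {detail}")
```

A copy counts as offline here only if the inventory says so; an online replica on a second disk array does not satisfy that condition, which is the point of the second sample. Run the check whenever a backup job is added or removed so the inventory does not silently fall back to two online copies on one media type.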