3 Ways To Defend Against Ransomware
Published by harrisonjonesit.co.uk on
Ransomware - 3 ways to defend against the biggest threat facing IT departments today
Lately, we’ve seen headlines about major companies losing millions to ransomware, suffering data breaches, and experiencing stock crashes after their systems were compromised. In many cases, a ransom is publicly demanded in exchange for the return of stolen assets and data. It’s becoming clear that no one is safe — from small contractors to giants like M&S and even the NHS.
In this article, we’ll explore a few practical steps we can take to reduce the risk of becoming the next cybersecurity horror story. While no system is 100% secure, it’s essential to have an incident response plan, disaster recovery plan, and business continuity strategy in place in case the worst happens. That’s why appointing a strong information security delegate (or team) is critical regardless of your organization’s size.
1. Controlled Folder Access
Controlled Folder Access is a security feature in Windows Defender that protects sensitive folders by blocking unauthorized applications from making changes to them. It effectively creates a barrier around key directories like Documents, Pictures, and Desktop, allowing only trusted apps to write to those locations.
In today’s threat landscape, it is essential to enable this feature on all servers hosting critical data and, if possible, on all user endpoints as well. However, care must be taken to ensure that legitimate applications are not unintentionally blocked. Any necessary exceptions can be configured through Microsoft Intune or locally within the Controlled Folder Access settings.
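A staged rollout that follows the caveat above (audit first, review what would have been blocked, add exceptions, then enforce), written as an added example with the Microsoft Defender PowerShell cmdlets rather than taken from the original article; the folder and application paths are placeholders to replace with your own.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell
# prompt on the server or endpoint. All paths below are placeholders.

# 1. Start in audit mode: legitimate apps are logged, not blocked, so nothing breaks
#    while you learn which applications write to protected folders.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect directories beyond the defaults (Documents, Pictures, Desktop ...),
#    e.g. the share holding the data the article calls "precious".
Add-MpPreference -ControlledFolderAccessProtectedFolders 'D:\CompanyData'   # placeholder

# 3. After a representative period, review what would have been blocked.
#    Event ID 1124 = audited (would have been blocked), 1123 = actually blocked.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List

# 4. Add exceptions only for line-of-business apps the audit shows are legitimate.
Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Program Files\LOBApp\lobapp.exe'  # placeholder

# 5. Switch to enforcement once the audit log is clean.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 6. Confirm the effective configuration on this machine.
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications
```

Keep running the step 3 query after enforcement: a burst of 1123 events from an unfamiliar executable writing across protected folders is exactly the signal the feature exists to give you.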
2. User Education/Testing
The most common cause of data loss and cyberattacks is user error. No matter what technical controls are in place, if an attacker can trick a user into revealing confidential information, those controls may be bypassed entirely and the damage is already done.
The most effective way to address this is through regular user education. I’ve found that providing training on phishing and social engineering in bite-sized chunks helps keep users engaged and aware. In smaller companies with limited budgets, this could be something as simple as homemade PowerPoint slides or curated YouTube videos. For larger organizations, I recommend using a provider like BoxPhish, which delivers regular micro-courses to educate users on the latest techniques and threats used by attackers.
Another highly effective strategy is phishing simulations: sending mock phishing emails to employees. If a user clicks a fake link, the system logs the action and follows up with targeted training or warnings. This helps identify high-risk users and encourages everyone to be more cautious, even paranoid, about interacting with suspicious content, ultimately fostering a safer working environment.
3. Regular Backups Of All Precious Data
This one may seem old-fashioned and self-explanatory, but it’s critical to stay on top of backup procedures. Organizations should have well-defined processes in place for performing both full and incremental backups in on-premises environments, as well as ensuring cloud-based backups are properly configured.
The reason backups are so important is that when attackers gain access to your systems, they typically encrypt your data, rendering it unreadable and demanding a ransom to restore access. With reliable backups, you retain access to previous, unencrypted versions of your data, which allows you to recover without paying the ransom.
It’s also essential to establish clear Recovery Time Objectives (RTO), meaning how long it will take to restore operations, and Recovery Point Objectives (RPO), meaning how far back the backups go and therefore how much data may be lost. Understanding these metrics ensures your business is prepared to respond effectively and minimize disruption in the event of a cyberattack.
Conclusion - Defense-In-Depth
The key to defending against ransomware attacks is implementing multiple layers of defense to reduce your attack surface and minimize potential damage. At the same time, it’s crucial to continuously adapt and innovate your defensive strategies — it’s an ongoing game of cat and mouse against ever-evolving threats.
While there are many more technical and managerial considerations beyond what I’ve covered here, this article should serve as a solid starting point. Most importantly, make sure you have a detailed plan for recovering every critical service and application in your business if the worst happens. These plans should be tested regularly to ensure they’re effective. You can even create a home lab environment to practice or look online for real-world examples of Disaster Recovery (DR) and Business Continuity (BC) plans to help guide your own.
This article was written without the use of any LLM or GPT model — it’s simply advice based on my experience working in a SecOps team over the past few years.