Ransomware disaster recovery: A checklist for continuity

Protection against ransomware can save a business money and time in the event of an attack. It's critical to plan ahead with BC/DR and security best practices.

Among the biggest concerns in information security today is ransomware, where malicious code embedded into a system prevents users from accessing data unless a ransom is paid. From a business continuity perspective, this represents a major risk to organizations of all kinds.

An inability to access critical systems and data, or the threat by the perpetrator to publish confidential data, can damage an organization's ability to conduct business and, more importantly, damage its reputation and competitive position.

Taking a page from information security and business continuity playbooks, the following tips on ransomware disaster recovery planning will help your organization defend its data.

Implement comprehensive backup

Identify the electronic systems, data and other intellectual property your organization needs to operate, and the loss of which could damage its reputation. Ensure these assets are securely backed up and stored in another location so they can be retrieved in an emergency.

For systems and data that change dynamically during the day, perform multiple daily backups using techniques such as data mirroring and replication to ensure the most current assets are available.

Stop ransomware before it starts

As your network perimeter is the most likely entry point for malicious code, ensure it is protected with as much intrusion detection and prevention equipment as possible.

A multi-element defense-in-depth security strategy is an effective method of protection from ransomware. For example, Barracuda Networks offers a number of products, such as Advanced Threat Protection, to increase your chances of disaster recovery survival and to help fight other threats.

In addition to your network perimeter, malicious code can enter your organization through several threat vectors, such as email attachments, remote access, web-based applications and smartphones. Work with your IT teams to prevent unauthorized access via technology.

When we consider individual employees as threat vectors, perhaps the most effective protection from ransomware is education. Develop and conduct training programs that explain potential threats to the company. Provide ransomware disaster recovery awareness reminders through the company intranet, email or an automated emergency notification system.

Social engineering, widely considered an effective way to breach security, can be mitigated through training and awareness programs. Provide similar training and awareness to your remote workforce.

Stay up to date

From a technology perspective, keep your security systems up to date with the latest software, hardware and patches. Do the same for your operating systems, applications, databases and network elements. Ensure your firewalls have the most current rules in place and make sure the same is true if you use intrusion detection or intrusion prevention systems for ransomware disaster recovery. As often as possible, scan email boxes and applications for vulnerabilities and provide patches as needed.

Plan ahead and test

Validate your perimeter's defenses through penetration testing. Test your internal networks for potential vulnerabilities. Conduct regular tests of security software to ensure it is performing properly and is ready to recover from ransomware.

Provide status reports to senior management -- perhaps in the form of a scorecard -- describing what is being done to keep up with protection from ransomware and other threats. Keeping management informed will ensure they understand and support your efforts; it can also lead to continued funding to keep your preventive measures operating properly.

Update your business continuity (BC) and technology disaster recovery (DR) plans to include ransomware and similar threats, as well as how such an event should be handled. Coordination with physical security and information security teams is essential to minimize damage to the organization and its IP assets.

Schedule periodic joint meetings of BC/DR and security teams to discuss information about new threats and new technology to mitigate threats, share information and plan for joint ransomware disaster recovery exercises.

Effective recovery from ransomware and other information threats requires not only a comprehensive and multilayered security strategy, but close coordination among BC, DR and security teams.
