By Richard Peterson, President of Scotchtown Technology
START WITH THESE 5 BEST PRACTICES
As listed in the president’s new Cybersecurity Executive Order, the U.S. government has selected five highly impactful steps to help organizations focus and make rapid progress in driving down ransomware risk. The recommended best practices are:
- Ensure that your backups are regularly tested and that they’re not connected to the business network.
- Update and patch systems promptly and maintain the security of operating systems, applications, and firmware promptly.
- Regularly test your incident response plan.
- Use a third-party pen tester to test the security of your systems and your ability to defend against a sophisticated attack.
- Carefully filter and limit internet access to operational networks.
- Adopt multifactor authentication and encryption for data at rest and in transit.
Businesses should increasingly look for MSPs that can help them implement these best practices.
We offer clients penetration-testing services that evaluate their current defenses and gauge their vulnerability to attack. Organizations appreciate this because most don’t do their security tests and know—or should know—that they’re vulnerable to ransomware. As part of your penetration-testing services, we send dubious-looking emails to your clients and see if their employees open them or click on links embedded in the email body.
We also help our clients implement better systems for data backup and recovery. We assist them with deploying an effective backup system, they’ll be prepared to respond to attacks and repair any damage quickly. We recommend a solution that provides immutable object storage on-premises or in the cloud. Such a solution takes an immutable snapshot of data every 90 seconds. It establishes a continuous series of recovery points, thereby ensuring that the customer’s data will be safe even if a ransomware attack is successful.
The unfortunate reality is that ransomware is here to stay. Indeed, we can expect the problem to increase and threaten businesses of all sizes. As an MSP, we play a valuable part in helping our customers defend against attacks and safeguard their data—and their future.