MSP Best Practices Securing Against Ransomware
By Jon Murchison, Blackpoint Cyber
Ransomware attacks are now considered a risk to national security following the sweeping uptick in cyberattacks. In March 2022, President Biden released a statement urging the private sector to take immediate action to shore up its defenses against potential cyberthreats. This is the latest and most urgent warning we have seen yet, following a series of regular reminders since the fall of 2021 to implement robust cybersecurity measures.
Improve Your Security Posture Against Ransomware
Fighting the threat of ransomware is an ongoing endeavor, but MSPs and their clients are far from helpless. Below are five effective best practices that both you and your clients can undertake to safeguard networks from ransomware attacks.
- Security Awareness & Education
Whether or not your client has a dedicated IT security team, they still rely on your ongoing support and expertise. As an MSP, educating your clients on key IT best practices allows them to better understand and embrace their responsibility for cybersecurity across their organization. Security is the responsibility of every person within the organization, and fostering general awareness is the first line of defense. Clients who are aware of their role in maintaining IT security can better protect their business in the long term.
- Establish And Follow IT Best Practices
  - Implementing backup and disaster recovery (BDR) processes and having an incident response plan
  - Having organizational support and buy-in on patching and upgrade activities, particularly for firewall and VPN appliances
  - Upkeeping an effective employee management process, including having a standard offboarding process and monitoring/auditing user access rights regularly
  - Establishing app-based multi-factor authentication (MFA) setup for all devices and remote monitoring and management (RMM) tools
  - Removing internet-exposed remote desktop protocol (RDP) services
  - Requiring complex passwords
  - Learning how to identify phishing emails and social engineering attacks
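One way to turn the offboarding, access-rights and app-based MFA items above into a repeatable check, as an added example (not code from the article or from Blackpoint Cyber): it compares a constructed HR offboarding list with a constructed directory export. The column names, group names, approval list and 90-day stale threshold are assumptions.

```python
import csv
import io
from datetime import date

# Constructed sample data (not from the article).
OFFBOARDED = {"jdoe": date(2024, 3, 1), "asmith": date(2024, 5, 15)}  # HR leave dates
DIRECTORY_CSV = """username,enabled,groups,mfa_method,last_login
jdoe,true,Staff,app,2024-04-02
asmith,false,Staff,app,2024-05-10
bnguyen,true,Staff;Domain Admins,sms,2024-06-01
rmm-svc,true,RMM Operators,none,2024-06-03
clee,true,Staff,app,2024-01-05
"""
PRIVILEGED_GROUPS = {"Domain Admins", "RMM Operators"}  # assumed group names
APPROVED_PRIVILEGED = {"rmm-svc"}  # assumed sign-off list for privileged access
STALE_DAYS = 90  # assumed threshold, tune to local policy


def audit(directory_csv, offboarded, today):
    """Return (username, finding) pairs for enabled accounts that break policy."""
    findings = []
    for row in csv.DictReader(io.StringIO(directory_csv)):
        if row["enabled"].lower() != "true":
            continue  # disabled accounts cannot log in; nothing to flag
        user = row["username"]
        last_login = date.fromisoformat(row["last_login"])
        if user in offboarded:
            findings.append((user, "enabled after offboarding"))
            if last_login > offboarded[user]:
                # Activity after the leave date deserves an investigation,
                # not just a disable.
                findings.append((user, "login after offboarding date"))
        if set(row["groups"].split(";")) & PRIVILEGED_GROUPS and user not in APPROVED_PRIVILEGED:
            findings.append((user, "unapproved privileged group"))
        if row["mfa_method"] != "app":
            findings.append((user, "no app-based MFA"))
        if (today - last_login).days > STALE_DAYS:
            findings.append((user, "stale account"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(DIRECTORY_CSV, OFFBOARDED, date(2024, 6, 10)):
        print(f"{user:10} {finding}")
```

Run on a schedule against a fresh export, the empty result is the goal; each finding maps back to one checklist item.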
- Implement An Effective Security Stack With Active Monitoring
There is no doubt that building and maintaining a security stack is one of the most important tasks for IT admins. It can also be quite an exercise in balance – employing many diverse cybersecurity tools means your systems are protected, but add too many and the stack becomes complex and unmanageable. This can easily lead to oversights and vulnerabilities and require a large up-front investment in the technology. An elegant security stack will include up-to-date endpoint protection technology, backup and recovery technology, MFA capability, VPN or Zero Trust remote network access, vulnerability management with patching, and 24/7 monitoring with active response.
Backups are an integral element in any cybersecurity toolkit because they allow for business continuity in the event of a disaster or emergency. Investing in backups also guards you against cyberattacks where malicious actors encrypt your sensitive data and hold the information hostage. By storing your critical data in offline backups, cloud backups, or on external hard drives/storage devices that cannot be accessed from a potentially compromised network, you can safely access your data with little to no interruption to your operations. Backup data must not be accessible for modification or deletion from the primary network.
- Immediate Incident Response - Adopting An ‘Assume Breach’ Posture
As malicious groups continue to evolve and employ increasingly sophisticated hacks, you'll need to establish an efficient incident response system. During an attack, your response time is crucial and often determines whether the malicious group succeeds in compromising your systems and encrypting your information. Attackers are moving faster than ever and the window of time between an initial breach and the ransom is shrinking. Investing in an around-the-clock managed detection and response (MDR) service means that you can fight back within minutes and days. No longer do you have weeks and months to detect suspicious activity in your networks.
Ransomware attacks are surging and affecting far too many sectors including government, manufacturing, healthcare, finance, and education. While nations are emerging from COVID-19 lockdowns, the explosive rise in ransomware attacks is becoming a pandemic of its own. As these kinds of threats are expected to remain high priorities for all businesses, investing in a pragmatic cybersecurity ecosystem ensures that your overall strategy is robust yet streamlined.
About The Author
Jon Murchison, founder and CEO of Blackpoint Cyber, started his career in network engineering and IT operations but quickly made the switch over to the covert world of the intelligence community. He has since spent more than 12 years planning, conducting, and executing high-priority national security missions. As a former NSA computer operations expert and IT professional, he brings a unique perspective to the mission of developing cyber defense software that effectively detects and detains purposeful cyber intrusions and insider threats. Jon has also helped with multiple cybersecurity assessments, including for Fortune 500 enterprises and critical port infrastructures. Currently, Jon holds multiple patents in methods of network analysis, network defense, pattern analytics, and mobile platforms.