There are a few effective steps that can help your organization to put your risk on a ransomware attack very low or even not existing.
- Taking backups of your data is one thing, they should also be tested regularly. Furthermore, it should be checked that the backup server is not connected to the rest of the company network, and furthermore is not included in the Active Directory. If a hacker breaks into your Active Directory or company network, they certainly can’t encrypt the backup data and this makes it inaccessible. Also, make sure you have multiple copies, one of which is on what is called “immutable object storage”.
- Timely updating and patching of all systems is also a fairly simple action that can ensure that any security holes are closed before they can be exploited. It’s not just about the operating systems. The applications and the server firmware should also be kept up-to-date.
- The creation and regular testing of a Disaster Recovery Plan is another very important element of security and safety. If, in the worst case scenario, ransomware does sneak into the organization, ask yourself proactively what steps can be taken towards Disaster Recovery? How long will such an exercise take? A well-written plan that has been tested on a regular basis can provide a good handhold during a stressful situation.
- On a regular basis and unannounced, have a security audit like a pen test conducted by a 3rd party to test the security of your systems, as well as your employees (e.g., sending out phishing emails and seeing who clicks on questionable links in emails). By measuring and evaluating any vulnerabilities, targeted work can be done to plug potential leaks before it’s too late.
- Use multifactorial authentication as much as possible. This cannot be emphasized enough.
- Above actions are no longer sufficient without the right assistance. The ‘threat of breach’ is continuous. That’s why WESTPOLE are the real specialists in betting on ongoing security services, better known as Managed Security Services. These include drafting and following up security policies, awareness training of staff, 24/7 surveillance or observability, up to full surveillance data safety, platform and network infrastructure and applications. All of this is managed, with very strong Service Level Agreements.
WESTPOLE can help you with each of the steps listed above, including offering immutable object storage in the WESTPOLE cloud. This keeps your data in Belgium at all times, and moreover in a multi-cluster setup.
WESTPOLE is continually investing in the expansion of its specialization in Managed Security Services. Steven Maieu and Dirk De Boeck are respectively IT Operations Manager and Director Managed Services Benelux.