Top 10 Ransomware Protection Tips for Law Enforcement Agencies

In the fight against ransomware, you must strategically prepare your organization to protect itself and respond to attacks. But IT organizations often struggle to prioritize the right initiatives to combat and mitigate the impact of ransomware. With more tools, technologies, and processes than ever before, you need practical guidance to help you detect, prevent, respond, and limit your overall exposure to ransomware and other destructive attacks.

Protecting Your Agency

Used in cyberattacks that can cripple organizations, ransomware is malicious software that encrypts data on a computer system and demands payment to restore access. To help organizations protect against and recover from ransomware attacks if they do occur, CJIS Solutions has provided an infographic that offers a series of simple tips and tactics. Use the following tips to protect your agency:

1. Awareness and training

Your agency staff should know what ransomware is, how it is delivered, and the basic security principles that keep a system from becoming infected. Identify who will ensure that your department’s network runs effectively, efficiently, and securely. Provide ongoing security awareness training so that your employees follow good cyber hygiene practices on all devices, such as strong passwords and secure Wi-Fi connections, and can detect and react to the latest phishing techniques.

2. Keep everything up to date

Yes, restoring compromised systems can be a lengthy and expensive process. However, you cannot trust cyber criminals to keep their promises. Your software (operating system, server, antivirus, firmware, etc.) must be updated regularly. Using a patch management system is key; these updates often include security components. Your antivirus and antimalware software should be set to update automatically and run regular scans.

3. Take data backups seriously

Your data should be backed up, ideally to multiple locations that are not constantly connected to the computers and networks being backed up. Perhaps most importantly, someone should be assigned to check those backups regularly to ensure they are working properly. Do not just back up the data daily; back it up consistently. Make sure you have thoroughly tested your ability to recover systems and data in the event of an attack. Consider moving critical assets to offline cold storage. Your backups are less vulnerable to attack if they are disconnected from the network.

4. Strengthen patch management

Constantly monitor for vulnerabilities. Regularly update systems with the appropriate security patches to ensure that cybercriminals cannot exploit known flaws, gain access to networks, and distribute ransomware. Audit patching processes and evaluate the technologies and policies that can make them more effective, leveraging automation where possible.

5. Adopt multi-factor authentication

Most ransomware gains access by hijacking static passwords. Enabling multi-factor authentication on network accounts can help you thwart attackers by requesting additional information. A phishing attack can obtain a user’s credentials, but will not provide biometric data or the answer to a personal security question.

6. Implement least privilege

Reduce the risk of attackers gaining access to critical systems or sensitive data by granting users only the minimum privileges necessary to do their jobs. Identity and access management (IAM) controls can help you grant least privilege access based on who requests it, the context of the request, and the risk of the access environment.

7. Create an incident response and business continuity plan

Have an incident response team and a defined plan. Go through it step by step and make sure it’s actionable. If you’re not going to do this in-house, choose a third-party vendor that’s capable of responding to an attack and helping you recover or mitigate the impact a situation like ransomware might have.

Ask yourself these questions when creating the plan: What does it mean if our main database is inaccessible to us? What does it mean if the priority systems we use for administrative functions are not available to us? How long do we have to wait for these primary systems to come back online? How long should we wait between the start of an event and the transfer to those backup systems to make sure we’re in a position to do the jobs we’re responsible for doing?

8. Supplement efforts with threat intelligence

Staying up to date with the latest threat intelligence helps you detect an attack quickly, respond effectively, and prevent the attack from spreading. Threat intelligence can also help you identify where some of the attacks are coming from and use that information to block incoming traffic at the firewall.

9. Check your cyber insurance

If you don’t already have it, purchase cyber extortion coverage that entitles you to incident response assistance and refunds the ransom if paid. Keep in mind that insurers require cyber hygiene screenings and can and will refuse to cover incidents that could have been prevented.

10. Blocking attachments

Ransomware is often delivered as some kind of executable attachment: direct executables (for instance, .exe, .js, or anything else that can be executed), Microsoft Office files that contain macros, and .zip files that contain executable files or are themselves executables (i.e., named .zip but actually .exe). Therefore, it is important to have a policy that prevents these from being sent via email and to have the email security device remove the attachments.
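The attachment categories in tip 10 can be checked by content as well as by name. The sketch below is an added example, not code from CJIS Solutions or any mail security product; the function names and every blocked extension other than .exe and .js are assumptions. It does not cover legacy .doc/.xls macro files, which are not ZIP containers.

```python
import io
import zipfile

# Assumed policy: the page names .exe and .js; the other extensions are illustrative.
BLOCKED_EXT = {".exe", ".js", ".scr", ".bat", ".vbs"}

def ext_of(name):
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""

def check_content(name, head):
    """Flag one file from its name and its first bytes."""
    if head[:2] == b"MZ":  # Windows executable header, whatever the file is called
        return [f"{name}: executable content (MZ header)"]
    if ext_of(name) in BLOCKED_EXT:
        return [f"{name}: blocked extension"]
    return []

def inspect_attachment(filename, data):
    """Return reasons to strip the attachment; an empty list means deliver it."""
    reasons = check_content(filename, data)
    if data[:4] != b"PK\x03\x04":  # not a ZIP container (.zip, .docx, .xlsm, ...)
        return reasons
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # encrypted member: cannot be inspected
                    reasons.append(f"{info.filename}: encrypted archive member")
                elif info.filename.lower().endswith("vbaproject.bin"):
                    reasons.append(f"{filename}: Office macro project present")
                else:
                    with zf.open(info) as member:  # read 2 bytes, never the whole file
                        reasons += check_content(info.filename, member.read(2))
    except zipfile.BadZipFile:
        reasons.append(f"{filename}: malformed archive")
    return reasons

def make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":  # constructed sample, not real mail
    blob = make_zip({"scan.pdf.exe": b"MZ\x90\x00", "notes.txt": b"hello"})
    print(inspect_attachment("scans.zip", blob))
```

Encrypted archive members are reported rather than allowed, because a filter that cannot read a member cannot apply the policy to it.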

 

Getting Started

The spate of ransomware attacks will continue as threat actors seek large payouts from the public and private sectors. That’s why our Malwarebytes Endpoint Protection and Response will be your solution. These 10 steps can ensure you are prepared to defend your organization and your data. At CJIS Solutions, we can help you get started by identifying and prioritizing weaknesses in your security program and starting an actionable roadmap for remediation. Get in touch with America’s first CJIS compliant cloud hosting provider today!
