Ransomware is a Plague – Here are Some Cures

Ransomware costs corporations and individuals billions of dollars per year, yet many companies only seem to care about the threat after they have been hit. Investing resources in this fashion is similar to waiting to be robbed before installing an alarm – or even locks.


Derrick Wlodarz is a seasoned IT Specialist who owns Des Plaines, IL-based Managed IT Service firm FireLogic. He has some solid thoughts on how to protect yourself, which we summarize below:

1) Disaster Recovery & Business Continuity Are “Need To Have” Business Requirements

One aspect that all major ransomware incidents seem to have in common these days is the fact that Business Continuity (BC) and Disaster Recovery (DR) are either not present, never tested, or incapable of being relied upon. This client we came in to save was no different.

While my company has kept DR as a top-of-mind item across our client base for years, we’re now moving steadily toward a universal Datto rollout for fully managed clients. Their platform offers Business Continuity for disasters where we can have clients up and running in under an hour. Plus, they have ransomware detection built in that detects if a backup set is tainted, so we can take the proper steps for remediation.

Managed IT service providers need to ditch the idea that they will be able to prevent 100 percent of malware. Having a DR strategy that employs proper planning and IT solutions is the new reality we all need to recognize. Anti-malware software and IDS/IPS alone aren’t enough.
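The point above, that a backup set can itself be tainted, is easy to miss until a restore fails. As an added illustration (not Datto's detection logic and not code from the original post), the following heuristic compares two backup snapshots, flags files whose contents have become high-entropy, and notes how many previously backed-up paths have vanished, two signs that the newer set captured already-encrypted files. The snapshots are constructed in memory and the thresholds are assumed values.

```python
import math
import random
from collections import Counter

# Constructed sample "backup sets": path -> file bytes (not real backups).
GOOD_SET = {
    "docs/report.txt": b"Quarterly report: revenue grew 4% " * 40,
    "docs/notes.txt": b"meeting notes, action items, follow-ups " * 40,
    "sheets/budget.csv": b"dept,amount\nops,1200\nit,900\n" * 60,
}

# Simulated post-incident snapshot: same files renamed and replaced with
# random-looking bytes (deterministic PRNG so the example is reproducible).
_rng = random.Random(7)
TAINTED_SET = {
    path + ".locked": bytes(_rng.getrandbits(8) for _ in range(len(data)))
    for path, data in GOOD_SET.items()
}
TAINTED_SET["README_RESTORE.txt"] = b"constructed placeholder note " * 3


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; ~8.0 means the content looks random (encrypted/compressed)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def assess_backup_set(previous: dict, current: dict,
                      entropy_threshold: float = 7.2,   # assumed cut-off
                      max_suspicious_ratio: float = 0.3) -> dict:
    """Heuristic verdict on whether `current` captured ransomware-encrypted data.

    Comparing against the previous snapshot matters: a single file with
    high entropy is normal (zip, jpg, pdf), but a large share of files
    turning high-entropy while most old paths disappear is not.
    """
    high_entropy = [p for p, b in current.items()
                    if shannon_entropy(b) > entropy_threshold]
    missing = [p for p in previous if p not in current]
    ratio_high = len(high_entropy) / max(len(current), 1)
    ratio_missing = len(missing) / max(len(previous), 1)
    tainted = ratio_high > max_suspicious_ratio and ratio_missing > max_suspicious_ratio
    return {"tainted": tainted, "high_entropy": high_entropy, "missing": missing,
            "ratio_high": ratio_high, "ratio_missing": ratio_missing}
```

A verdict of tainted is a reason to quarantine that snapshot and restore from the last clean one, not to discard the chain; the older sets are exactly what the DR plan exists for.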

2) Patching Cannot Be An Afterthought

Another avenue that most major ransomware incidents tend to take advantage of is unpatched software and hardware. I get it – IT support teams are stretched thin, with more on their plates than ever before, and patching can be a headache to schedule and implement – but these excuses usually come down to firms simply not investing in platforms that can automate this age-old sore point.

To solve this for our managed client base, we have standardized all system patching to be handled by Datto RMM and uphold a very aggressive patching schedule for OS and third-party software. On the network side, we consider Meraki our gold standard. Their gear is fully cloud-managed with firmware updates being deployed on an automated, zero-effort basis.

The more manual your patching process is, the less likely it will be enforced — no matter how great a team you may have.

3) Reduce Or Eliminate The Biggest Weak Links: On Prem Servers

Another all-too-frequent commonality among clients who have been hit by a ransomware attack is their reliance on on-premises servers. There are plenty of options for ditching these servers, ranging from full-blown Software as a Service (SaaS) platforms to the more familiar Infrastructure as a Service (IaaS) cloud-hosted virtual machine environments. Clients who sustain fleets of physical servers on-prem without the requisite attention to patching and security oversight are putting their entire IT infrastructure at unnecessarily high risk of ransomware.

There may be situations in which on-prem systems cannot be migrated to the cloud; being an advocate for a hybrid approach is perfectly OK. Often, though, physical servers are being left operational as a matter of complacency of the “status quo.” This is a tough mindset to overcome without a burning business requirement or worse: an incident causing a radical rethinking of IT strategy.

A good way to help justify re-evaluating the usage of on-prem servers is through risk assessments. These are extremely helpful in regulated industries, like healthcare with HIPAA compliance realities, where risk assessments are required yearly. These structured analyses can help place objective ratings on acceptable risks or expose those risks which need outright remediation. For example, we’ve been leveraging a firm called HIPAA Secure Now for our healthcare client risk assessments for many years with great success.

We’re frequently involving telecom master agent TBI to help evaluate cloud-first options, analyze risks, and most of all get our clients the best pricing possible. Don’t go it alone if you aren’t experienced in navigating the cloud vendor landscape.

4) Only End-User Education Can Truly Defeat “The Enemy Within”

Organizations will easily spend countless sums to help protect against the enemy at the gates. And rightfully so. But how many of your clients are just as concerned about the “enemy within” – their own end users? While on-prem servers that are poorly patched are the perfect attack surface for ransomware actors, they usually don’t get in on their own. They’re almost always aided and abetted by internal users who just don’t know any better, either by action or inaction.

There are some excellent vendors offering internal-facing training programs that place a premium on making users competent in the baseline security concepts every department of an organization should share these days. Training that ditches the bland PowerPoint slides and mere platitudes and instead embraces proactive, situation-based assessments plucked from real-world examples is all the rage now.

Patching is paramount, next generation IDS/IPS is critical, and moving to a cloud-first strategy is wise in an era of unfettered ransomware. But technical safeguards alone can’t be the end-all-be-all when it comes to a modern ransomware mitigation stance.

Every company is a potential target and should use a phishing simulation tool which tests employees by sending safe phishing emails. When employees click, they are then presented with educational material which helps them learn what to avoid.

One such tool, Phish360, is so effective that it has achieved an almost 100% click rate when used in various organizations.
