Looking across the Internet for new stories and events this holiday season, I went back to the fundamentals and found the NIST Cybersecurity Framework Profile: Ransomware Risk Management, specifically the NIST IR 8374 document.

From this document I have grabbed 3 basic items which everyone should be aware of, shown in the image as well as in text here:
- Educate employees on avoiding ransomware infections (phishing awareness)
  - Do not open files or links from unknown sources.
  - Avoid using personal websites and personal apps on work computers.
  - Do not connect personally owned devices to work networks without approval.
- Avoid having vulnerabilities in systems that ransomware can exploit (i.e., patching or updating)
  - Keep relevant systems patched (or updated).
  - Employ zero trust principles.
  - Allow installation and execution of authorized apps only.
  - Inform all about your expectations (including 3rd parties/vendors).
- Back up your data and test the restoration of the data.
I have been touting the ‘basics’ for a long time at my sites and in my book “Too Late You’re Hacked”.