An SMB ‘Blueprint for Ransomware Defense’


According to the U.S. Small Business Administration, there are more than 32 million small- to medium-size businesses (SMBs) across the country, accounting for 99.9% of all business entities. Yet, as many studies show, many of these companies are insufficiently prepared to defend themselves against the rise in today’s most prevalent cybercrimes.December-1-min-1.jpg
That’s why the nonprofit Institute for Security and Technology (IST) recently released a “Blueprint for Ransomware Defense.” The publication aligns with the Cybersecurity Framework from the National Institute of Standards and Technology (NIST), a design we fully endorse and encourage.
NIST’s framework structures effective cybersecurity as a five-step cycle, and IST’s blueprint assigns 40 “safeguards” to implement at various points. Here’s a digest of the recommendations:
  1. Identify – Among the safeguards that NIST recommends for this foundational phase are taking inventory of all your digital assets and ensuring procedures for managing those properties are in place and active. For example, are all applications up-to-date and fully supported?
  2. Protect – Safeguards at this stage include establishing and maintaining processes for user access, authentication and privilege control. IST stresses training users and recommends good cyber-housekeeping, such as disabling dormant accounts performing regular software patches.
  3. Detect – To stay up to date with the constantly shifting cybersecurity landscape, IST encourages SMBs to consider support from IT managed services providers (MSPs) versed in the latest attack vectors and monitoring techniques.
  4. Respond – IST advocates designating personnel to handle incident response, thoroughly logging incident data and reporting all incidents internally and externally to proper authorities.
  5. Recover – The advice here is straightforward: Diligently perform automated backups.
Looking to fortify your defenses against ransomware and other common cyber assaults? Reach out to us for a cybersecurity review.