Ransomware is inherently sneaky, and its effects on your practice’s network can be devastating, not to mention that it can cause a HIPAA breach. That raises the question: what are some best practices to protect the network against ransomware?
Testing: Scan your practice’s external and internal network frequently, as well as any network devices and web applications, to discover security vulnerabilities. It is also wise to conduct penetration testing to find additional network vulnerabilities that scanning alone will not reveal.
Training: Human error is a large factor in ransomware infections. The best way to combat human error is to instruct and train users on how to identify suspicious emails, not to open attachments in emails from unknown sources, and not to click links in unsolicited emails.
Software Updates: It is crucial that your practice patches and keeps up to date all operating systems, anti-virus software, browsers, Adobe Flash Player, QuickTime, Java, and any other software.
Restrict Permissions: Apply the principle of Least Privilege to all systems and services. Restrict users’ access to data, workstation permissions, network access, etc., to the minimum needed to complete daily tasks. Limit users’ permissions so that they cannot install or execute unauthorized software.
Backup: Employ and document a data backup and recovery plan for all critical information. All backup servers and network shares should be backed up regularly with multiple restore points. Your practice may also want to consider keeping backups on two different media, with one copy stored off-site.
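As an added example (not code from the original article), here is a check that audits a backup set against the policy just described: at least two media, one of them off-site, several restore points per medium, a recent newest point, and every file re-hashed against the manifest written at backup time so a copy that was later overwritten or encrypted is caught. The directory layout, the `manifest.json` file, the timestamp naming and the sample data are constructed assumptions.

```python
import hashlib, json, tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

MIN_POINTS = 3               # "multiple restore points"
MAX_AGE = timedelta(days=1)  # the newest restore point must be this recent
TS_FMT = "%Y%m%dT%H%M%S"     # restore-point directory name (assumed layout)

def check_media(media_dir, now):
    """One medium; assumed layout: each restore point is a subdirectory named by
    UTC timestamp holding manifest.json = {file: sha256 taken at backup time}."""
    findings = []
    points = sorted(p for p in media_dir.iterdir() if p.is_dir())
    if len(points) < MIN_POINTS:
        findings.append(f"{media_dir.name}: {len(points)} restore points, need {MIN_POINTS}")
    if points and now - datetime.strptime(points[-1].name, TS_FMT).replace(tzinfo=timezone.utc) > MAX_AGE:
        findings.append(f"{media_dir.name}: newest restore point {points[-1].name} is stale")
    for point in points:  # re-hash every file so a silently altered copy is caught
        for name, digest in json.loads((point / "manifest.json").read_text()).items():
            f = point / name
            if not f.is_file() or hashlib.sha256(f.read_bytes()).hexdigest() != digest:
                findings.append(f"{media_dir.name}/{point.name}: {name} missing or altered")
    return findings

def check_backup_policy(media, offsite, now):
    # media: {label: Path}; offsite: labels of media kept off-site
    findings = [] if len(media) >= 2 else ["fewer than two backup media"]
    if not (offsite & set(media)):
        findings.append("no off-site copy")
    for d in media.values():
        findings.extend(check_media(d, now))
    return findings

def write_point(media_dir, when, content):
    # Write one restore point with its manifest (constructed sample data)
    point = media_dir / when.strftime(TS_FMT)
    point.mkdir(parents=True)
    (point / "patients.db").write_bytes(content)
    (point / "manifest.json").write_text(json.dumps({"patients.db": hashlib.sha256(content).hexdigest()}))

def demo():
    """Constructed sample: a healthy local medium, plus an off-site medium whose newest copy was overwritten."""
    now = datetime(2024, 1, 10, 12, tzinfo=timezone.utc)
    root = Path(tempfile.mkdtemp())
    media = {"local": root / "local", "offsite": root / "offsite"}
    for d in media.values():
        for days in (2, 1, 0):
            write_point(d, now - timedelta(days=days), b"record set %d" % days)
    (media["offsite"] / now.strftime(TS_FMT) / "patients.db").write_bytes(b"overwritten")
    return check_backup_policy(media, {"offsite"}, now)
```

Running `demo()` reports only the tampered off-site copy; pointing `check_backup_policy` at real backup media with the same layout gives the same findings.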