NATDA Magazine Nov/Dec 2019 NM_Nov2019_Final | Page 36

Add software controls to minimize user access
One way you can prevent employees from clicking on a malware
file is with the help of software controls that limit the number
of applications and files a user can run. Consider programs like
AppLocker and EMET to help restrict execution and spread of
malware. Attackers have their favorite methods of delivering
malware into organizations, often by abusing certain Windows
binary files. Knowing whether or not these files are utilized
in your environment will allow you to block them outright or
increase logging and alerting around those files.
Weak passwords. Employees using servers in a
demilitarized zone (DMZ) that is exposed to the internet
could put the network at risk by using weak passwords
that an attacker could guess or compromise
Once an attacker gains access to an externally facing service such
as remote desktop protocol (RDP), Outlook Web Access (OWA),
Citrix Gateway, a VPN, or some other remote access service, they
can attempt to increase their network privileges to the highest
level.
Limit the likelihood of a ransomware attack
For in-depth technical information about how to minimize and
mitigate exposure to ransomware, consider the resources
offered by SANS Internet Storm Center and the U.S. Computer
Emergency Readiness Team. Additionally, there are several key
strategies your organization can use to prevent or limit the impact
of ransomware.
Raise phishing awareness
Malware typically needs a helper to do its job, which means an
employee must open an infected attachment or visit an infected
site to make a phishing attack successful. Educate users on
phishing scenarios and consider internal phishing tests to gauge
employee readiness. Tests should familiarize employees with
common phishing scenarios as well as teach them how to identify
masked links and spoofed sender addresses.
Add strong user controls
You can help mitigate risk by limiting user permissions to only the
programs and systems they need to fulfill their job, including:

Limit local administrator rights to PCs, workstations, and
laptops.
Those logged in with administrator level credentials
should avoid using email, browsing the internet, and any
other general computer use.
Network and domain administrators should be required
to have two sets of credentials — general use and elevated
privileges.
Implement a policy and practice that stipulates
administrators should not log into workstations with
domain administrator rights.
36
Network segmentation
Ransomware often spreads to whatever devices it can communicate
with and control by exploiting unpatched vulnerabilities or
compromised user accounts. Proper network segmentation will
help limit the internal attack surface by preventing communication
between certain device types. Restricting communication
between devices on your network to allow only what is necessary
will greatly reduce the potential impact of a ransomware attack.
Validate the integrity of your backup and restoration
capabilities
Attackers can cause additional damage during an attack by deleting
or encrypting online backups. Consider implementing backup and
restoration procedures that will guard your company against data
loss.

Be sure you have off-line copies of backup and restore files
All electronic backup and restore files should be saved in
a well-secured location
Perform a thorough review of file permissions for network
file shares, and pay special attention to locations storing
electronic backup and restore files
Practice a full system and data restore to verify confidence
in your capabilities
How CLA can help
As part of an overall cybersecurity assessment, CliftonLarsonAllen
professionals can run a vulnerability scan to identify the holes
in your organization’s security. Even more, they can perform a
ransomware preparedness assessment to measure your company’s
ability to defend against and mitigate the impact of a ransomware
infection. To learn more, please visit www.claconnect.com.
Privacy policy, terms of use, and disclaimers (http://www.claconnect.com/
disclaimer/)
CliftonLarsonAllen Wealth Advisors, LLC disclaimers (http://www.claconnect.
com/general/wealth-advisors-disclosures) © 2019 CliftonLarsonAllen. All
rights reserved. “CliftonLarsonAllen” and “CLA” refer to CliftonLarsonAllen LLP.
Investment advisory services are offered through CliftonLarsonAllen Wealth
Advisors, LLC, an SEC-registered investment advisor.
CliftonLarsonAllen is a member firm of the “Nexia International” network.
Nexia International Limited does not deliver services in its own name or
otherwise. Nexia International Limited does not accept any responsibility for
the commission of any act, or omission to act by, or the liabilities of, any of
its members. Each member firm within the Nexia International network is a
separate legal entity. http://www.nexia.com/
NATDA Magazine www.natda.org