Ransomware response guide for businesses - final part: How to reduce the risk of a ransomware infection
Taking a proactive approach to security can help reduce the risk of a ransomware incident. Businesses of all sizes should implement, enforce and regularly test the following preventative measures:
Credential hygiene: Practicing good credential hygiene can help prevent brute force attacks, mitigate the effects of credential theft and reduce the risk of unauthorized network access.
Principle of least privilege: All organizations should adhere to the principle of least privilege, a security concept in which users, programs and processes are given only the bare minimum privileges necessary to perform their tasks.
Employee training: Because ransomware frequently spreads through user-initiated actions, companies should provide regular cybersecurity training with an emphasis on phishing, malicious email attachments and other social engineering tactics.
Multi-factor authentication (MFA): MFA should be made mandatory wherever possible to reduce the risk of unauthorized access.
Review Active Directory: Organizations should regularly review the Active Directory (AD) to locate and close existing backdoors such as compromised service accounts, which often have administrative privileges and are a popular target for attackers who wish to obtain credentials.
Network segregation: Effective network segregation is crucial for containing incidents and minimizing disruption to the wider business.
Secure remote access: As RDP is an extremely popular attack vector, organizations must take steps to secure remote access (or disable it if it is not required). Remote access should only be available via certain networks or MFA-enabled VPN, and limited only to users who require it for their work.
Avoid BYOD: Implementing and strictly enforcing security protocols on employees’ personal devices is extremely challenging. Ideally, companies should provide dedicated devices and hardware and discourage employees from using personal devices for work-related tasks.
PowerShell: PowerShell is one of the most common tools used by ransomware gangs to move laterally within a target network and should be uninstalled if possible. If PowerShell is required, it must be very closely monitored via endpoint detection and response systems. Administrators should be aware of every single PowerShell script that is running on their endpoints.
Cybersecurity insurance: Organizations should consider cybersecurity insurance to help mitigate the impact of a ransomware incident. Cybersecurity insurance can be particularly beneficial for MSPs, which are often responsible for protecting other companies’ data. Some cyber insurance companies lean toward readily paying ransoms, while others prefer to explore other remediation options, so companies should talk to prospective insurers and discuss policies before committing to an insurance provider.
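One way to carry out the Active Directory review recommended in the list above, shown as an added example that is not part of the original guide. It reports accounts that hold administrative group membership and look like service accounts; the group list, the one-year password threshold and the SPN / non-expiring-password heuristic are assumptions to adapt to your own domain.

```powershell
# Added example: list privileged accounts that look like service accounts.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# Assumption: these built-in groups define "administrative privileges";
# add your own delegated admin groups to the list.
$privilegedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$staleAfter = (Get-Date).AddDays(-365)   # assumption: review passwords older than one year

# Map each user (direct or nested member) to the privileged groups it belongs to.
$privileged = @{}
foreach ($group in $privilegedGroups) {
    try {
        $members = Get-ADGroupMember -Identity $group -Recursive -ErrorAction Stop
    } catch {
        Write-Warning "Could not enumerate '$group': $($_.Exception.Message)"
        continue
    }
    foreach ($m in ($members | Where-Object { $_.objectClass -eq 'user' })) {
        if (-not $privileged.ContainsKey($m.distinguishedName)) {
            $privileged[$m.distinguishedName] = @()
        }
        $privileged[$m.distinguishedName] += $group
    }
}

$props = 'ServicePrincipalName', 'PasswordLastSet', 'PasswordNeverExpires', 'LastLogonDate'
$report = foreach ($dn in $privileged.Keys) {
    $u = Get-ADUser -Identity $dn -Properties $props
    $hasSpn = [bool]$u.ServicePrincipalName   # false when the attribute is empty or absent
    # Heuristic: an SPN or a non-expiring password marks a likely service account.
    if (-not ($hasSpn -or $u.PasswordNeverExpires)) { continue }
    [pscustomobject]@{
        SamAccountName       = $u.SamAccountName
        Enabled              = $u.Enabled
        PrivilegedGroups     = $privileged[$dn] -join '; '
        HasSPN               = $hasSpn
        PasswordNeverExpires = $u.PasswordNeverExpires
        PasswordLastSet      = $u.PasswordLastSet
        PasswordStale        = (-not $u.PasswordLastSet) -or ($u.PasswordLastSet -lt $staleAfter)
        LastLogonDate        = $u.LastLogonDate
    }
}

# Oldest passwords first: these are the accounts to rotate, downgrade or disable.
$report | Sort-Object PasswordLastSet | Format-Table -AutoSize
```

Each row is a candidate for removal from the privileged group, a password rotation, or replacement with a least-privilege account, which ties this review to the credential hygiene and least privilege items in the same list.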
Incident response procedures should be tested regularly to ensure that employees are familiar with security processes and understand exactly what to do in the event of an infection. Testing also helps companies identify and rectify flaws in the response chain. The worst time for a company to try to work out what to do in a ransomware attack is during a real ransomware attack.
A proactive approach to ransomware prevention can help companies significantly reduce the risk of infection. In the event of an incident, organizations must have effective response procedures in place to contain the incident, prevent data loss and safely initiate the recovery process.
The practices described in this article can help businesses of all sizes mitigate the impact of a ransomware attack. Do note, however, that these procedures should be considered general and non-comprehensive advice. Security requirements can vary significantly and security systems should always be tailored according to industry, regulatory requirements and the company’s unique security needs.
As of November 2020, you will need to upgrade macOS to continue receiving Microsoft 365 and Office for Mac updates.
Office for Mac supports the three most recent versions of Apple's macOS. With the release of macOS 10.15 Catalina, Microsoft 365 for Mac and Office 2019 for Mac support macOS 10.15, 10.14, and 10.13.
Microsoft 365, Office 2019 for Mac:
As of the November 2020 (build 16.43) update for Microsoft 365 for Mac or Office 2019 for Mac, macOS 10.14 Mojave or later is required to receive updates to Word, Excel, PowerPoint, Outlook and OneNote. If you continue with an older version of macOS, your Office apps will still work, but you'll no longer receive any updates including security updates.
Upgrading your operating system to macOS 10.14 or later will allow Office updates to be delivered for your apps. Note that new installs of Microsoft 365 for Mac or Office 2019 for Mac will also require macOS 10.14 or later.
Microsoft 365, Office 2016 for Mac:
Support for Office 2016 for Mac will end on October 13, 2020. All your Office 2016 apps will continue to function—they won't disappear from your Mac, nor will you lose any data. Learn what Office 2016 for Mac end of support means for you
Word, Excel, PowerPoint, Outlook, and OneNote will install and run on OS X 10.10 Yosemite and later.
For the best experience with 10.15 Catalina, be sure to keep your Office apps up-to-date. If the version of Office installed on your Mac is earlier than 16.16, and you are not being offered updates, you can download the latest Office for Mac suite installer. See "What version of Office am I using?"