Lock down your company’s firewall:
Leaving ports such as RDP open on the internet is somewhat of a laughing matter on many Facebook groups, Discord channels, and other social platforms. It is not so funny, however, when you talk to businesses that have lost all of their data in a ransomware attack. First and foremost, lock down all direct connections to Remote Desktop or similar services. If you do need to publish RDS, do so using a Remote Desktop Gateway server and protect the gateway with dual-factor authentication. There are many free dual-factor applications available. DUO, for example, takes no more than 20 minutes to install and is free for up to 10 users. There is no excuse to leave RDP open on the internet. If it is open, shut it down TODAY!
Add Dual Factor Authentication to Management Tools and Servers:
Our job as I.T. professionals is to protect our clients’ infrastructure, but far too often, our tools are being used against us. I.T. management, Remote Monitoring and Management, and other similar tools are extremely powerful. They make the job of I.T. professionals easier, but when used by an attacker, they can also make the deployment of malicious software easy. Adding Dual Factor Authentication to your systems, line-of-business applications, workstations and any other platforms adds an extra layer of protection to your critical business systems.
Restrict User Access:
It is nice to trust that your employees will not do something bad. However, far too many companies have colossal file shares that anybody can access. Even if you trust your employees, restrict access to files and folders based on what they need to perform their job functions. If they do somehow manage to run ransomware, at least the damage will be restricted to what they can access.
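One way to find the "anybody can access" folders described above, as an added example that is not part of the original article: a PowerShell audit that lists folders where broad groups hold write or delete rights in the NTFS ACL. The share path `D:\Shares`, the recursion depth and the list of broad groups are assumptions to adjust for your environment.

```powershell
param(
    [string]$ShareRoot = 'D:\Shares',  # assumption: placeholder path, not from the article
    [int]$Depth = 2                    # recursion depth passed to Get-ChildItem
)

# Identities that amount to "anybody" on a typical domain (assumed list).
$broad = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'

# Rights that allow changing or deleting data; read-only bits are excluded.
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Raw GENERIC_WRITE | GENERIC_ALL bits, which some ACEs store unmapped.
$genericWrite = 0x50000000

# Inspect the share root itself plus its subfolders down to $Depth.
$folders = @(Get-Item -LiteralPath $ShareRoot) +
           @(Get-ChildItem -LiteralPath $ShareRoot -Directory -Recurse -Depth $Depth -ErrorAction SilentlyContinue)

$findings = @(foreach ($folder in $folders) {
    try { $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $($folder.FullName)"; continue }

    foreach ($ace in $acl.Access) {
        $who      = $ace.IdentityReference.Value
        # "Domain Users" is matched by suffix so any domain prefix is caught.
        $isBroad  = ($broad -contains $who) -or ($who -like '*\Domain Users')
        $rights   = [int]$ace.FileSystemRights
        $canWrite = (($rights -band [int]$writeMask) -ne 0) -or
                    (($rights -band $genericWrite) -ne 0)

        # Report only Allow entries that give a broad group write access.
        if ($ace.AccessControlType -eq 'Allow' -and $isBroad -and $canWrite) {
            [pscustomobject]@{
                Folder    = $folder.FullName
                Identity  = $who
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
})

$findings | Sort-Object Folder, Identity | Format-Table -AutoSize -Wrap
"{0} broad write grant(s) found under {1}" -f $findings.Count, $ShareRoot
```

The script reads NTFS permissions only; share-level permissions are set separately and need their own review. Group names are matched as English strings, so localized Windows installations need the list adjusted.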
Set Default Lockout Group Policies:
This is free and can be completed in no time. Go onto both your and your clients’ domain controllers and set the default lock policy on computers to 10 minutes, or a reasonable number. It is not OK to presume an attacker has no way to get onto a computer. Assume the device will be compromised, and make sure that computers are not left running and unlocked.
Patch your Computers:
This should not be up for debate. Patch your operating system and third-party applications. You can have the best security software in the world and at best, it will be 75% effective if your computers are not patched and up to date. We have seen far too many cases of old vulnerabilities like EternalBlue used to create admin accounts on servers and push out ransomware. Patching is not optional!