IT Support, Security & Managed IT Services Blog - iCorps

3 Strategies for Reducing Ransomware Risk in Microsoft 365

Written by iCorps Technologies | 2021/12/7

In a recent release from Forbes, 56% of businesses experienced a ransomware attack in 2020. The spike in ransomware has had profound financial and reputational ripple effects across SMBs. While there are many strategies for mitigating ransomware, we'll be looking specifically at prevention within the Microsoft 365 platform. 

Here Are Top Ransomware Prevention Strategies for Your Business: 


Reducing Risk in Microsoft 365

The Microsoft ecosystem is vast and growing. As of April, there are 1.3 billion Windows 10 device users, 145 million daily Teams users, and 50.2 million Microsoft 365 subscribers. Unfortunately, this massive audience has also drawn consistent attention from cybercriminals. Drilling down into one of the most common attack types, ransomware, here are some strategies to keep your Microsoft 365 data secure:

  • DNS
    • Leverage a DNS (Domain Name System) that actively monitors and blocks known malicious sites. A DNS can block requests made by internal users trying to access harmful sites, or - if malware is already inside your organization - by blocking said malware's attempt to "phone home" outside your organization. If a network device tries to access an identified malicious site, the user will receive a notification that the request site is blocked, and often with a suggestion to contact the network administrator. 
  • SmartScreen Policies 
    • Microsoft's SmartScreen filters block harmful downloads and sites at the browser level. SmartScreen works within Microsoft Edge, Internet Explorer, and Outlook.com. The system calculates a risk score based on predetermined standards, then warns users of potential threats. 
  • Email
    • Email attachments are one of the most common vectors for ransomware. Administrators can block over 100 different file types, increase security with multi-factor authentication solutions, and enable automated backup capabilities through programs like SaaS Protect

Making the Most of Windows 11 Security Features

Microsoft launched Windows 11 in early October this year. If your organization has upgraded to Microsoft's newest, and most secure operating system, ensure you're making the most of that investment. Here are five great ways to boost your security within Windows 11:

  1. Keep Windows 11 Updated - check that all the latest patches and bug fixes have been applied to your OS; you can set "Active Hours" to ensure restarts/upgrades don't occur during prime working hours.
  2. Run a Malware Scan - users can run manual scans through the Windows Security dashboard under the "Virus and Threat Protection" option.
  3. Adjust Browser Controls - adjust your online security tools through reputation-based protection (Windows 11 is always on and checking for suspicious applications) and exploit protection (helps mitigate remote hacking attacks).
  4. Manage Application Permissions - modify the privacy and security settings on your smartphone; customize permissions including location, camera, and microphone-based tracking.
  5. Track Your Data - set up device tracing in the event your phone/laptop is lost or stolen. Additional security software can set automatic log-outs and identity-based authentication.  

4 Steps to Take if You're Hit with a Ransomware Attack 

Ransomware happens. But the damage can be contained with appropriate incident response planning. Here are five steps to take if your organization is hit with a ransomware attack. 

  1. Go Offline 
    • If your business has been targeted by ransomware, isolate the effected system from the network immediately. Unplug ethernet cables and turn off the WiFi connections to compromised devices. This will prevent the malware from spreading throughout other systems and networks. Pause any auto-sync applications such as OneNote. Notify your IT team asap.
  2. Use OneDrive for Business to Restore files
    • Since OneDrive for Business saves file version histories, you may be able to revert to an earlier version of a ransomware-encrypted file. Version history works well for Office documents such as PowerPoint, Excel, and Word files. Keep in mind that OneDrive for Business won't keep version histories for non-Office applications such as Photoshop, AutoCAD, and videos.
  3. Attempt On-Device Recovery
    • Have your IT security professionals run a complete scan of your targeted systems. Tools such as Microsoft Defender and SOC-as-a-Service can help your team complete attack diagnostics. 
  4. Restore from Backup
    • If you know your data is backed up, you can wipe a compromised corporate device and revert to a pre-attack virtual workspace. SaaS Protect provides cloud recovery for your data in Office 365, including emails, files, folders, contacts, and calendar items across applications.

No one wants to go through the process of restoring their data, which is why it's so important to use strategies and applications to protect yourself from ransomware. If you want to learn more about how you can protect yourself from ransomware schedule a free IT consultation