Seven Endpoint Security Best Practices to Block Ransomware

Katie Springs

In a year where no one could have predicted what has been going on in the world, we have made it to National Cybersecurity Awareness Month. Though activities may have been put on hold, and businesses have been shuttered, hackers are not resting. Organizations around the world continue to be hit with ransomware. Sophos recently conducted a survey of 5,000 IT managers across 26 countries, and the results revealed that ransomware is still a significant threat to organizations. According to the survey, 51% of respondents were hit by ransomware in the last year. In 73% of those incidents, attackers succeeded in encrypting data. But the bad news doesn’t stop there. The survey also found that the average global cost to remediate these attacks was a staggering $761,106.*

Maximize Your Endpoint Security to Block Ransomware

What can organizations do to protect themselves against ransomware? While endpoint protection is one of the most effective ways to protect against ransomware, it must be properly configured to fully maximize defenses. Here are the recommended best practices to help stop ransomware in its tracks.

  • Turn on all policies and ensure all features are enabled. This may sound obvious, but this will fully maximize your endpoint solution and ensure you are getting the best protection. Don’t forget to enable features that detect file-less attack techniques and ransomware behavior.
  • Regularly review your exclusions. Exclusions are sometimes added to quiet complaints from users who feel the protection solution is slowing down their systems. Malware that makes its way into an excluded directory will likely succeed because nothing in that directory is checked. Regularly check the list of exclusions in your threat protection settings and keep the number of exclusions as close to zero as you can.
  • Enable multi-factor authentication (MFA) within your security console. MFA provides an additional layer of security after the first factor, which is often a password. Enabling MFA across your applications will ensure access to your endpoint protection solution is secure and not prone to accidental—or deliberate—attempts to change your settings, which could leave your endpoint devices vulnerable to attacks.
  • Ensure every endpoint is protected and up to date. Make sure you are routinely checking your devices to confirm they’re protected and up to date. A device not functioning correctly may not be protected and could be vulnerable to a ransomware attack.
  • Always maintain good IT hygiene. This ensures your endpoints and the software installed on them run at peak efficiency. This will mitigate your cybersecurity risk and save you time when remediating potential future incidents.
  • Hunt for active adversaries on your network. Endpoint detection and response (EDR) technologies in your endpoint solution can identify advanced threats and active adversaries, and take action quickly to neutralize these threats.
  • Close the gap with human intervention. To deploy ransomware, hackers will have already breached your network and possibly exfiltrated data without your knowledge. Technology alone is often not enough to stop these intrusions. Managed detection and response (MDR) services can arm you with an external team of elite threat hunters and response experts who can provide actionable advice for addressing the root cause of recurring incidents.
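
The exclusion review from the second practice above can be partly automated. The following is an added example, not code from the original post or from Sophos: it flags exclusions broad enough to leave malware an unscanned place to run. The exclusion list, the "AcmeERP" paths and the risk rules are constructed assumptions; substitute the list exported from your own console.

```python
import re

# Constructed sample of an exported exclusion list (not real data).
SAMPLE_EXCLUSIONS = [
    "C:\\Program Files\\AcmeERP\\bin\\acme_sync.exe",
    "C:\\Users\\*\\AppData\\Local\\Temp",
    "C:\\",
    "*.exe",
    "D:\\Builds\\*",
    "C:\\Users\\Public\\Downloads",
    "%TEMP%\\installer",
]

# Assumed rules: locations a standard user (and malware running as that user) can write to.
USER_WRITABLE = re.compile(
    r"\\users\\|\\programdata(\\|$)|\\temp(\\|$)|%(temp|tmp|appdata|localappdata|userprofile)%",
    re.IGNORECASE,
)
DRIVE_ROOT = re.compile(r"^[a-z]:\\?\*?$", re.IGNORECASE)
RISKY_EXTENSION = re.compile(r"^\*\.(exe|dll|scr|ps1|js|vbs|bat|cmd|hta)$", re.IGNORECASE)


def review_exclusion(entry):
    """Return the reasons an exclusion deserves scrutiny (empty list if none)."""
    path = entry.strip()
    reasons = []
    if DRIVE_ROOT.match(path):
        reasons.append("whole drive is unscanned")
    if RISKY_EXTENSION.match(path):
        reasons.append("executable file type excluded everywhere")
    if USER_WRITABLE.search(path):
        reasons.append("user-writable location")
    if "*" in path and not RISKY_EXTENSION.match(path) and not DRIVE_ROOT.match(path):
        reasons.append("wildcard widens the excluded area")
    return reasons


def review_all(exclusions):
    """Map each risky exclusion to its reasons; narrowly scoped entries are omitted."""
    reviewed = {entry: review_exclusion(entry) for entry in exclusions}
    return {entry: reasons for entry, reasons in reviewed.items() if reasons}


if __name__ == "__main__":
    for entry, reasons in review_all(SAMPLE_EXCLUSIONS).items():
        print(f"{entry}: {'; '.join(reasons)}")
```

Only the single-file exclusion under Program Files passes unflagged; every other sample entry is a candidate for removal or narrowing.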

How Sophos Keeps You Protected from Ransomware

While there are many endpoint protection choices available, Sophos evolves to meet every new challenge, protecting more than 400,000 organizations of all sizes in more than 150 countries from today’s most advanced cyber threats. Sophos Intercept X offers a number of advanced features, including:

  • Deep learning: artificial intelligence that detects both known and unknown malware without relying on signatures.
  • Anti-exploit technology: denies attackers by blocking the exploits and techniques used to distribute malware, steal credentials, and escape detection.
  • CryptoGuard: identifies and stops the spontaneous malicious encryption of files.

Sophos EDR, available for endpoints and servers, gives you the tools to maintain IT security operations hygiene and hunt down threats while built-in expertise helps you answer the tough questions about security incidents.

To add human expertise to your security strategy, Sophos Managed Threat Response gives you an elite team of threat hunters and response experts who take targeted actions on your behalf to neutralize even the most sophisticated threats.

As a Sophos partner, Connection can help you get on the right track to a secure IT ecosystem. And our Technology Solutions Group Security Practice offers the cyber security expertise you need to stay one step ahead of today’s threats. Don’t let your guard down—we have the solutions to protect your organization! Be safe and be well!


*Sophos “The State Of Ransomware 2020.” May 2020

Katie Springs is a Product Manager for Networking at Connection with more than 25 years of experience in the IT industry. In her free time, she enjoys hiking, bicycling, and dancing/performing ballet.