As SaaS applications become more prevalent, the threats associated with this data also increase. According to our research in the channel, 28 percent of surveyed MSPs have seen ransomware attacks in SaaS applications such as Office 365 and G Suite.
The following strategies and tactics will help reduce your ransomware risk, protect your networks and devices, and ultimately help you recover your data when a ransomware event occurs.
1. DNS: Switch to a DNS (domain name system) service that actively monitors and blocks known malware sites to reduce the risk of ransomware. Unless you’ve custom-configured some settings, it’s very likely that a site’s DNS provider is the Internet service provider. DNS service providers can also block access to malicious sites. This blocking can work two ways: by blocking a request when a person inside an organization attempts to access a harmful site, or—if malware is already inside an organization—by blocking attempts by malware inside the organization to “phone home” outside the organization. When a device on the network requests a site identified as a ransomware source, the DNS provider prevents access. Instead of a fresh serving of malware, you see a notification that the requested site is blocked, often with a suggestion to contact a network administrator if you believe the site to be blocked in error.
2. SmartScreen Policies: Microsoft’s SmartScreen filters work to block harmful sites and downloads at the browser level, much like a DNS provider can at the network level. The system calculates a risk score, based on a variety of factors, then warns the user of potential harm. An administrator can configure SmartScreen to act either as an advisor or a blocker. When set as an advisor, a person will see a warning when either visiting a potentially harmful site or downloading a potentially harmful file. However, it’s important to note that the warning can be ignored.
3. Email: Email attachments often deliver a ransomware payload. “Here’s the file you need,” reads the text of the email—with an attachment. Too often, the recipient opens the file and realizes later that it wasn’t a file, but instead a malicious app. Microsoft gives Office 365 administrators the ability to block any of nearly 100 different file types. The most secure setting would be to simply delete all attachments. The recipient would receive a notification via email and could then log in to OneDrive to view files “Shared with me.”
Shielding your network with filtered DNS and utilizing Microsoft’s SmartScreen to keep people safe from malicious sites and downloads, are crucial to keeping your clients’ networks secure. With a few tweaks to Office 365 settings, you can also keep harmful attachments out of email.
In our eBook, Defending Office 365 Data from Ransomware, we provide everything you need to know to help protect your clients’ data. This eBook outlines the best practices that all companies should be implementing to ensure their data is secure and accessible, no matter what happens. Download your copy today.
Ryan Weeks is chief information security officer at Datto Inc. Read more Datto blogs here.
