Can Your Shop Recover from Ransomware? Wanna Try?
How CoreView Helps Stop the Scourge
51% of IT shops were hit by ransomware in the last year. With COVID-19 upping the ante, the average payment made by enterprises rose 33% in one recent quarter alone to a stunning $111,605.
CoreView is the answer to ransomware for Office 365 shops, and the best way to explain how is to show, with an actual example, the ways CoreView supports anti-ransomware best practices.
CoreView vs. Ransomware: Helping IT Take a Stand
In late August 2019, a massive and coordinated ransomware attack crippled computers and locked data in 22 small Texas towns, bringing local government agencies to their knees.
Hoping to prevent a repeat of the ransomware debacle, the Texas Department of Information Resources (DIR) sent out a bulletin to State and Local Government Entities across Texas. The directives offered step-by-step actions to prevent further spread of the existing attack, and create more ransomware-resistant Texas agency systems.
We read the DIR bulletin and closely analyzed its directives. CoreView’s SaaS Management Platform (SMP) for Office 365 can help entities effectively and efficiently implement these still-critical and broadly applicable DIR directives.
1. DIR recommendation: Keep software patches and anti-virus tools up to date.
To ensure an updated and safe environment, run CoreView CoreAdmin Reports to validate workstation and especially mobile device reports for appropriate versions of up-to-date software. You can also view Mobile Device Management (MDM), Multi-Factor Authentication (MFA), and other policy applications.
2. DIR recommendation: Create strong unique passwords that are changed regularly.
Run CoreAdmin Reports to identify accounts that do not have password expirations set – especially service accounts – and apply changes in bulk using CoreAdmin delegated admin facilities.
3. DIR recommendation: Enable Multi-Factor Authentication, especially for remote logins.
Use CoreSecurity Audit Sign-In Reports to identify not only remote login attempts, but also targeted accounts, MFA status, and failure reasons, and remediate MFA status directly from the CoreView reports. If any devices are flagged as infected, either by CoreSecurity or by other platforms, run a CoreSecurity fileaccess and fileaccessextended report for the device owners. For known affected organizations or departments, run the report for all users. You can also contact CoreView Support and get a proactive CoreView Office 365 Health Check.
4. DIR recommendation: Modernize legacy systems and ensure software is as current as possible.
CoreView can validate your workstations and ensure software is up to date, and you can run CoreSecurity Azure AD Reports to document third-party applications that have been granted, and are using, access to Azure AD.
5. DIR recommendation: Limit the granting of administrative access.
Enabling CoreSuite activates auditing for all Office 365 workloads, and surfaces all of the Microsoft E5 security tools, even if there is only one E5 license enabled.
The Danger of Global Admin Rights
Giving global admin rights to too many people is one of the worst things you can do to your network security. Instead, leverage CoreAdmin’s functional least-privilege access and Role-Based Access Control (RBAC) functions to quickly create a least-privilege access model that restricts admin rights to only what is actually needed.
CoreView also stores an external, immutable log of every administrative action for the life of the platform. Every enterprise and organization should be able to produce this type of information.
At the same time, ensuring auditing is enabled across all workloads is also crucial, as it lets you perform forensic analysis and see in detail how the ransomware spread. By enabling CoreSecurity, you can store, access and audit logs in a separate and immutable location and define how long you want these logs retained.
With CoreView, you can ensure your Microsoft environment is correctly configured, and meet guidelines such as those that are part of these Texas DIR requirements. All this greatly increases your chances of blocking or at least surviving ransomware.
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.