Protecting Against Ransomware with Google Workspace
September 30, 2021Did you know that ransomware is costing businesses 20 billion dollars a year? On average, it takes more than 21 days to recover fully from a ransomware attack - and that’s if you’re prepared!
Ransomware is a major concern for businesses big and small. That’s why it’s essential that you know how to prevent these online attacks by ensuring you have the highest security measures in place.
This week, Fintan Murphy explains how you can protect your business against ransomware with Google Workspace.
What is Ransomware?
At Damson Cloud, we get a lot of queries from our clients about ransomware, particularly because they hear of the attacks that are happening worldwide. Ireland has been the victim of a particularly vicious attack on our health service. In May this year, the HSE suffered a major ransomware cyberattack which caused all of its IT systems nationwide to be shut down, putting many patient’s lives at risk. It was the largest known attack against a health service computer system.
Ransomware is a piece of software that attaches itself to a user’s server and encrypts files and documents. It is extremely dangerous for businesses because they lose access to their information. Usually there is a ransom charge for businesses to get their access back.
Statistically - even if you pay the ransom - only in about 50-60% of cases do people actually gain access to their data again. So even paying the ransom is not a guarantee.
NIST’s Cybersecurity Pillars
To combat potential cyber attacks, the National Institute for Standards and Technology (NIST) has invented a framework consisting of five key pillars. These are actions that should be taken in the event of a possible threat:
- Identify
- Protect
- Detect
- Respond
- Recover
In this blog, we will delve into what each of these pillars mean. Then, we will show how Google Workspace can help to reduce and recover the risk of an attack. This way, you can make fully informed choices about your business’s future security practices.
Identify
The first step is identifying the different areas of risk within your business. To do this, you need to consider all the systems, devices and users that are in place, and which may be vulnerable to a ransomware attack.
Within Google Workspace, there are many features that allow you to easily identify risks. These even apply to specific users and devices connected to your Google Workspace environment - not just your business as a whole.
Protect
This is where you look more closely at the different areas you’ve identified, with the aim to try and mitigate against a ransomware attack happening.
Google Workspace gives you the ability to protect your users with strong passwords and two-step verification. Both of these are very simple and easy ways to add an extra, more robust layer of security to your accounts.
After the ransomware attack on HSE Ireland, many of our customers made two-step verification a priority. Now, all Damson Cloud customers are better protected against compromises because of this handy feature.
Being cloud native will also reduce the likelihood of a ransomware attack. Google has a very reliable phishing and spam detector, which takes the guesswork out of it and further protects your users.
BeyondCorp is an internal Google initiative that means beyond the corporation, with a mission to move away from VPN and firewalls and think of security in a different way. It places greater focus on the individual user and device, rather than a VPN/firewall moat around the business which is far more vulnerable to attack.
BeyondCorp is about giving access in the moment that it's needed, and removing access when it's no longer required. It uses a system called context aware access where it examines the user and device and assesses whether it recognises these. The system then decides access based on these contexts. If the user is on a device that it doesn’t recognise, it will restrict access to certain features. For example: it won’t give them access to Google Drive where corporate information is stored - but they can still access their email to communicate. Airbnb is one great example of a business who has secured access to their cloud using context-aware access.
This zero trust model also extends to other areas around end-point management. Within Google Workspace now, you have different levels of end-point management, where you can manage a single mobile or laptop device and take hundreds of different actions to protect them.
Detect
This revolves around ensuring your systems can spot a possible threat when it arises. In Google Workspace, there’s data loss prevention that will allow you to take actions in real-time when your user comes across a file that poses a risk. This powerful feature is available on Enterprise Standard and Plus plans currently.
Admin alerts will allow you to set up automated notifications for administrators when certain actions are taken within Google Workspace. This may be triggered depending on the activity e.g. logging in from a different location or incorrect entering of passwords etc.
Google’s security centre is a powerful central place for administrators to see everything that’s happening in their Google Workspace environment. This is extremely valuable and useful when it comes to continually monitoring the safety of the business.
Respond
Having a response plan in place is vital, no matter how well protected you are. You have to think carefully about plans of actions, communication systems and points of contact to name just a few.
At Damson Cloud, we offer security workshops where we review your entire Google environment and, as part of that, put in place a robust incident response plan.
One thing we always suggest is making sure you don’t store your response plan on your business’s Google environment. Instead, keep it stored in a personal place, like a private account. This is because should a ransomware attack happen - the perpetrators can then access this and you won’t be able to retrieve it to put it in action.
Recover
In the eventuality of something going wrong, at the end of the day your weakest link is going to be based on the actions of individuals. That’s why it is important to constantly educate your staff how to spot potential threats, especially phishing scams which they could easily fall victim to.
Having a backup of your data is also essential for recovery. We highly recommend AFI which is a fully automated cloud solution that backs up your data in real-time. It also:
- Keeps multiple copies of your data
- Offers built-in ransomware protection where its system will detect mass encryption or deletion of files
- Take action to backup the most recent version of your data
- Alert domain administrators that a ransomware attack is happening
From here, you must continually keep up-to-date with this cycle to ensure the highest level of safety for your business and its data.
If you have any questions or advice on ransomware, contact the team or leave a comment below!
As a longstanding member of the Google Cloud Partner Program, Damson Cloud specialises in bringing people and ideas together through new ways of working. We champion the very best practices in remote working and change management, helping companies and their teams collaborate productively from anywhere in the world. To find out more about our services, check out our library of tutorial videos or our blog.