The National Institute of Standards and Technology (NIST) has released a draft Cybersecurity Framework Profile for Ransomware Risk Management to help organizations prevent, respond to, and recover from ransomware attacks.
The Ransomware Profile is intended for two audiences: organizations that have already adopted the NIST Cybersecurity Framework and want to improve their risk posture, and organizations that have not yet adopted the Framework but want a structured risk management approach to ransomware threats. In either case, the Profile is a tool for identifying and prioritizing the improvements that will most increase an organization's resistance to ransomware.
The Ransomware Profile sets out a series of steps for preventing ransomware attacks and managing ransomware risk. It is meant to be used alongside the NIST Cybersecurity Framework, other NIST guidance, and ransomware guidance issued by the Federal Bureau of Investigation and the Department of Homeland Security, not as a replacement for them.
The Ransomware Profile also outlines basic measures that any organization can implement to improve its defenses against ransomware. These include using antivirus software; ensuring that emails and flash drives are automatically scanned; keeping computers fully patched; blocking access to known ransomware sites; permitting only authorized applications to run; restricting the use of personally owned devices; restricting the use of accounts with administrative privileges; avoiding the use of personal apps on work systems; and conducting security awareness training so that employees understand the risks of clicking links or opening files sent from unknown sources. None of these measures is novel, but together they close off the most common ransomware entry points and significantly reduce the risk of an infection taking hold.
Read more at The HIPAA Journal
