Blocking Ransomware Attacks with Updated Microsoft Security Features

What is Ransomware?

Ransomware is a form of malware (short for “malicious software”) in which a hacker gains control of a business’s critical systems or sensitive information. The cybercriminal will then ask for a ransom in exchange for access to the system under the threat of releasing sensitive data to the public or competitors. The threat of ransomware is growing exponentially, both in volume and complexity. According to Microsoft, ransomware attacks were up 935% in 2021 alone.

Malware developers have begun to offer “Ransomware as a Service,” in which they offer up their ransomware to anyone willing to give up a percentage of the ransom. This development lowers the knowledge barriers to engaging in a ransomware attack. Now, anyone can use ransomware as a service to launch attacks against organizations. High-profile cases such as the shutdown of the Colonial Pipeline continue to litter the news with startling frequency.

Fortunately, as ransomware continues to evolve, so do the security solutions from Microsoft and other IT providers. This blog will review recent Microsoft security updates in Windows 11 and Office 365 and how they affect your business. In addition, we’ll cover security best practices.


What do the most recent Microsoft security updates do?

Microsoft refers to Windows 11 as “the most secure Windows ever.” In addition, Microsoft 365 provides more up-to-date security solutions than Office 365. For example, two recent Microsoft security updates block ransomware that exploits vulnerabilities in remote desktops and barricade against malware that masquerades as macros in programs such as Word, Excel, and PowerPoint.

Other Microsoft 365 security updates include advances in email and storage protections.

  • Microsoft Defender for Office 365 protects email inboxes against advanced ransomware and malware attacks.
  • Exchange Online, Microsoft’s email server, provides further protection by scanning messages and deleting known ransomware emails.
  • SharePoint and OneDrive protect against evolving threats to cloud storage.

While these protections are built into these applications and largely automatic, customers can configure the Microsoft security updates to help mitigate the risk of a ransomware attack.




Configure controls to mitigate risk

When configuring updated Microsoft security features, it’s best to work under the assumption that your organization will eventually suffer from a cyberattack. However, these configurations will make it much harder for hackers to access crucial systems and help your company recover quickly should the worst occur.

Email
By default, in Microsoft 365 email applications (Outlook, for example), deleted emails remain in the recycle bin for 14 days, but users can extend this to 30 days. This feature is handy for recovering from worms and other malware that seek to delete emails. Other configurable functions include:

  • Email retention allows users to set (and lock) preferences from 1 year to 10 years.
  • Write protection prevents tampering with recordkeeping and storage of old emails.
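
An added example (not from the original post or from Microsoft): a PowerShell audit of the deleted-item retention window described above, run against Exchange Online. It assumes the ExchangeOnlineManagement module is installed and the operator holds Exchange administrator rights; the `$TargetDays` and `$Remediate` parameter names are this example's own.

```powershell
#Requires -Modules ExchangeOnlineManagement
# Added example: list mailboxes whose deleted-item retention is shorter than
# the target (30 days is the maximum) and optionally raise it.
param(
    [ValidateRange(1, 30)]
    [int]$TargetDays = 30,   # hypothetical parameter name
    [switch]$Remediate       # hypothetical parameter name; off = report only
)

Connect-ExchangeOnline -ShowBanner:$false
$target = New-TimeSpan -Days $TargetDays

# RetainDeletedItemsFor can arrive as a TimeSpan or as a string such as
# "14.00:00:00"; formatting it as a string and casting handles both cases.
$short = Get-Mailbox -ResultSize Unlimited |
    Where-Object { [timespan]"$($_.RetainDeletedItemsFor)" -lt $target } |
    Select-Object UserPrincipalName, RecipientTypeDetails, RetainDeletedItemsFor

$short | Sort-Object UserPrincipalName | Format-Table -AutoSize
Write-Host "$(@($short).Count) mailbox(es) retain deleted items for fewer than $TargetDays days."

if ($Remediate) {
    foreach ($mbx in $short) {
        # The value is passed in dd.hh:mm:ss form, e.g. "30.00:00:00".
        Set-Mailbox -Identity $mbx.UserPrincipalName -RetainDeletedItemsFor $target.ToString()
    }
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run it without `-Remediate` first to review the report before any mailbox is changed.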

Storage
Adjustable protections in Microsoft SharePoint and OneDrive include:

  • Versioning – By default, each file maintains up to 500 versions (although it can retain many more). If ransomware encrypts a file, users can return to a previous version.
  • Recycle bin – Some malware deletes other file versions while encrypting the latest version. The deleted files can be retrieved from the recycle bin for up to 93 days.
  • Preservation hold library – When a file is stored in SharePoint or OneDrive, users can turn on retention settings that allow each version to be stored as a separate file, mitigating the risk that all copies will be corrupted or encrypted by ransomware.

Microsoft Teams
Microsoft Teams chats are stored on Microsoft Exchange Online, and the shared files are stored in either OneDrive or SharePoint. To ensure the most security, apply the above settings to Microsoft Teams as well.




Security best practices

In addition to properly configuring Microsoft’s updated security features, companies should adopt organization-wide security policies and best practices.

Here are a few items to include on your cyber security checklist:

  • Set up a disaster recovery service such as Microsoft Azure.
  • Migrate to the cloud for automatic backups and increased security.
  • Stay up to date on all security updates.
  • Turn on multi-factor authentication.
  • Create strong randomized passwords and utilize Microsoft password tools.
  • Work with a trusted IT provider to advise on emerging threats.
  • Purchase or update a cyber liability insurance policy.
  • Educate team members on how to spot phishing and other hacking attempts.
  • Manage permissions and identities to mitigate damage should a ransomware attack prove successful.
  • Schedule regular antivirus scans and invest in more powerful anti-malware solutions like Microsoft’s Extended Detection and Response (XDR) and Security Information and Event Management (SIEM) applications.
  • Employ a Zero Trust model to evaluate risks for all users and devices before connecting them to your network. Take Microsoft’s zero trust assessment to determine vulnerabilities and the next steps.



Protect your business with McGowanPRO cyber liability insurance

According to IDC’s recent study, 37% of all organizations worldwide fell victim to a ransomware attack in 2021. Of those, 77% of schools and 75% of retailers were targeted. Companies can no longer rely on a simple antivirus program. They must manage their cyber risk through careful planning and active monitoring. Following these best practices for configuring Microsoft’s security updates is an excellent start in mitigating ransomware risk.

Cybercrime is constantly evolving. Because of the sheer volume and sophistication of ransomware attacks, it’s not a matter of if your company will be hit, but when. Protect your company and yourself by obtaining comprehensive cybersecurity coverage.

McGowanPRO’s Information Security and Data Privacy Liability Insurance policies protect organizations of all sizes against the financial liabilities involved in ransomware breaches, including legal, media, and regulatory liabilities. Since 1998, McGowanPRO has provided professional liability policies for our clients.

To learn more about safeguarding your business against ransomware, contact us today.