66% of organizations were hit by ransomware last year*<\/span>\u00a0demonstrating that adversaries have become considerably more capable at executing attacks at scale than ever before.<\/span>\u00a0<\/span><\/p>\n Modern attacks leverage legitimate IT tools such as Remote Desktop Protocol (RDP) to gain access to networks, making initial detection notoriously difficult. The root of the problem is that there\u2019s too much implicit trust in the use of these tools which has repeatedly proven unwise.\u00a0<\/span>\u00a0<\/span><\/p>\n Implementing robust network security measures is a sure-fire way to mitigate this risk. In our new whitepaper, <\/span>Best Practices for Securing Your Network from Ransomware<\/span><\/a>, and in this article, we share practical network security tips to help elevate your ransomware protection.<\/span>\u00a0<\/span><\/p>\n Micro-segmenting allows you to limit the lateral movement of threats. One way to achieve this is to create small zones or VLANs and connect them via managed switches and a firewall to apply anti-malware and IPS protection between segments. This lets you identify and block threats attempting to move laterally across your network.<\/span>\u00a0<\/span><\/p>\n ZTNA is the modern replacement for remote-access VPN. It eliminates the inherent trust and broad<\/span>\u00a0<\/span>access that VPN provides, instead using the principles of Zero Trust: trust nothing, verify everything. To learn more about the benefits of ZTNA over VPN, <\/span>read our article here<\/span><\/a>.<\/span>\u00a0<\/span><\/p>\n Always deploy the highest level of protection on your firewall, endpoints, servers, mobile devices, and remote access tools. In particular:<\/span>\u00a0<\/span><\/p>\n We recommend that you review your firewall rules and eliminate any remote access or RDP system access through VPN, NAT, or port-forwarding, and ensure that any traffic flows are properly protected. Eliminating exposure from remote access goes a long way in reducing the number of in-roads for attackers to launch ransomware attacks.<\/span>\u00a0<\/span><\/p>\n This is important for both your network infrastructure (such as your firewall or remote-access software or clients) and your systems given that every update includes important security patches for previously discovered vulnerabilities.\u00a0<\/span>\u00a0<\/span><\/p>\n Ensure your network operates on a zero-trust model where every user and device has to continually earn trust by verifying their identity. Also, enforce a strong password policy and consider adopting authentication solutions like Windows Hello for Business.\u00a0<\/span>\u00a0<\/span><\/p>\n Use automation technologies and human expertise to accelerate cyber incident response and remediation. Ensure your network security infrastructure helps you automatically respond to active attacks so you can isolate a compromised host before it can cause serious damage.\u00a0<\/span>\u00a0<\/span><\/p>\n An increasingly popular way to achieve this is via a managed detection and response (MDR) service. MDR is a fully managed, 24\/7 service delivered by experts who specialize in detecting and responding to cyberattacks that technology solutions alone cannot prevent.\u00a0 To learn more on the benefits of MDR, <\/span>read our article here.<\/span><\/a>\u00a0<\/span><\/p>\n To explore these best practices in greater detail and to learn how Sophos network security solutions elevate your ransomware protection, <\/span>download our whitepaper here<\/span><\/a>.<\/span>\u00a0<\/span><\/p>\n Sophos provides everything you need to fully secure your network from attacks, including firewalls, ZTNA, switches, wireless, remote-edge devices, messaging protection, MDR, next-gen endpoint protection, EDR and XDR. Plus, everything\u2019s managed via a single cloud management console \u2014 Sophos Central \u2014 and works together to deliver Synchronized Security and cross-product threat detection and response.<\/span>\u00a0<\/span><\/p>\n For more information and to discuss how Sophos can help you, speak with one of our advisors or visit <\/span>www.sophos.com<\/span><\/a> today.<\/span>\u00a0<\/span><\/p>\n <\/p>\n * The State of Ransomware 2022, Sophos<\/p>\n<\/p><\/div>\n1. Micro-segment your network<\/strong><\/h3>\n
2. Replace remote-access VPN with a Zero Trust Network Access solution (ZTNA)<\/b><\/span>\u00a0<\/b><\/span><\/h3>\n
3. Implement the strongest possible protection<\/h3>\n
\n
4. Reduce the surface area of cyberattacks<\/h3>\n
5. Keep your firmware and software patched and up-to-date\u00a0<\/strong><\/h3>\n
6. Use multi-factor authentication (MFA)<\/h3>\n
7. Instantly respond to cyberattacks<\/h3>\n
Learn more<\/h2>\n
![](\"https:\/\/news.sophos.com\/wp-content\/uploads\/2022\/11\/Ransomware-image.png\"\/)
<\/p>\n