Ransomware is a kind of malware that typically encrypts data, blocking access to it until a fee is paid to the attacker. While the hype used to outweigh the actual risk, ransomware has evolved, spread and grown rapidly more sophisticated in response to our efforts to defend against it.There have been some high-profile ransomware attacks in the last few years, as part of a growing tide of threats. Ransomware volumes increased by 350% in 2017 alone, according to a recent NTT Security report. Security professionals tasked with safeguarding company data must have ransomware on their radars and it\u2019s crucial to take steps to mitigate the threat.Prevention is always better than cure, but no security system is perfect, so it pays to prepare for the worst by creating a recovery plan. We\u2019ve got a list of 10 best practices here that will help you to prevent ransomware attacks, detect them when your defenses fail, and to bounce back from them with as little disruption as possible.1. Security awareness trainingThere are a few different ways that ransomware can get into your network, but one of the most likely is via a phishing attack. As soon as an employee unwittingly taps or clicks on a link they shouldn\u2019t or opens the wrong email attachment, ransomware may gain a foothold on their system and rapidly spread across your network. Launch a proper security awareness training program and reduce the threat of employee error leading to a ransomware infection.2. Updates, patches and configurationProper endpoint security hygiene is essential in preventing ransomware. Attackers will typically look for vulnerabilities and misconfigurations that they can exploit to gain access to your network. Don\u2019t make it easy for them. Ensure that devices and systems are regularly updated with the latest security patches, don\u2019t make do with default configurations, and take the time to disable any features you don\u2019t need.3.\u00a0 Up to date asset inventoryIf you don\u2019t know precisely what devices are legitimately connected to your public and private clouds, then how can you hope to recognize or prevent an attack? You need a real-time overview of all devices on your network and a clear understanding of what permissions each device should have based on the user. Do you know how many unmanaged devices you have in your network?\u00a0 IoT is a big target.4. Continuous vulnerability assessmentCybercriminals will always take the path of least resistance and so ransomware attacks often exploit known vulnerabilities in popular software. You need a security system that\u2019s updated with the latest revelations in terms of vulnerabilities, and this data must be cross-checked with your network to ensure you\u2019re not offering an easy route in.\u00a05.\u00a0 Real-time traffic monitoringThere\u2019s a lot of focus on filtering and blocking inbound connections, but you should do the same with outbound connections as well. Ransomware will typically gain access and then dial home for further instructions. If you can block initial outbound attempts to connect to the attacker\u2019s server, then you may be able to stop the ransomware attack before it gets off the ground. Any suspicious traffic in either direction should be flagged automatically and generate alerts for further investigation.6. Intrusion detectionFor proper protection, you need a system that can recognize the signs of a ransomware attack whether it\u2019s communication with a known bad actor, sending data via a covert channel, or disabling firewalls or antivirus software. Suspicious updates to policies, unscheduled scans, and update failures can also all be warning signals. Spot them in time and you might be able to quarantine infected systems before the ransomware spreads.7. File integrity monitoringIf you set up file integrity monitoring on business-critical data, then you\u2019ll get automatic alerts if any critical file is accessed or altered. This can help you to spot a ransomware attack much more quickly and act to limit its impact.\u00a0 Who has access and what are they accessing?\u00a0 The best is understanding a user\u2019s normal behavior.8. Log monitoring and analysisIt is impossible for cybercriminals to launch and run a ransomware attack without leaving traces of their activity across your network. Consider employing security information and event management (SIEM) software capable of scanning system logs, app logs, and activity logs to collate and analyze data and flag unusual behavior. \u00a0User and entity behavior analytics (UEBA)\u00a0is the next piece of the puzzle.9. Continuous threat intelligenceYou need to be monitoring your network in real-time to gain a clear picture of your security, but every monitoring tool is only as good as the information it has. The latest threat intelligence is vital if you expect to catch ransomware attacks swiftly and prevent them from spreading. Beyond specific known threats in terms of ransomware flavors, you also want to arm security software with an understanding of the latest types of activity and behaviors common to cutting edge malware.\u00a0Artificial intelligence and machine learning are now being incorporated in many of the latest network security technologies to be your second set of eyes.10. Reliable backup and recoveryEven if you take every possible precaution to try and prevent ransomware from gaining entry and to swiftly detect attacks, there may still be times when your defenses fall short. The single best way to safeguard against ransomware attacks and lessen the potential impact on your business is to maintain a regular, secure backup system alongside a clear recovery plan that allows you to restore a recent backup immediately should you need to.As ransomware and zeroday attacks continue to grow more sophisticated and we see a rise in ransomware and zerodays used as diversionary, destructive tools, it\u2019s vital that security professionals are conscious of the risks it poses. Take the right steps to prevent, detect and recover from ransomware and you can dramatically reduce its potential impact on your business.