- Participate in security awareness training to provide a strong line of defense and identify red flags in potentially malicious communications.
- Navigate directly to legitimate websites and verify websites before submitting account credentials or providing personal or financial information.
- Examine search engine results and advertisements before clicking links or downloading software.
- Obtain software from legitimate developers or companies after analyzing customer reviews.
- Use strong, unique passwords and enable multi-factor authentication (MFA), choosing authentication apps or hardware tokens over SMS text-based codes.
- Reduce your digital footprint to reduce the likelihood of becoming a target for malicious actors.
- Apply the Principle of Least Privilege, segment networks, and implement a defense-in-depth strategy.
- Keep systems up to date and apply patches after appropriate testing.
- Conduct vulnerability scanning and ransomware readiness assessments.
- Establish a comprehensive data backup plan that includes regularly performing scheduled backups, keeping an updated copy offline in a separate and secure location, and testing it regularly.
- Ransomware mitigation techniques and recommendations are available in the Ransomware: The Current Threat Landscape and the Ransomware: Risk Mitigation Strategies NJCCIC products.
