Basic Preventative Steps for Organizations

The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) recently issued a Ransomware Profile* identifying steps organizations can take to prevent, respond to and recover from ransomware events**. According to the profile, its “purpose…is to help organizations identify and prioritize opportunities for improving their security and resilience against ransomware attacks.” NIST encourages organizations to use the document as a guide for profiling the state of their own readiness and to identify gaps to achieve their goal.


Modeled on NIST’s Cybersecurity Framework Version 1.1, the profile provides practical guidance to organizations to protect against the ransomware threat, including the following “basic preventative steps”:

  • Use antivirus software at all times;

  • Keep computers fully patched, including scheduled checks and installation of patches “as soon as feasible”;

  • Segment networks;

  • Continuously monitor directory services (and other primary user stores) for indicators of compromise or active attack;

  • Use products or services to block access to server names, IP addresses, or ports and protocols that are known to be malicious or suspected to be indicators of malicious system activity;

  • Allow only authorized applications—including establishing processes for reviewing, adding or removing authorized applications—on an allowlist;

  • Use standard user accounts versus accounts with administrative privileges whenever possible;

  • Restrict personally owned devices on work networks;

  • Avoid using personal apps—like email, chat and social media—from work computers;

  • Educate employees about social engineering; and

  • Assign and manage credential authorization for all enterprise assets and software, and periodically verify that each account has the appropriate access only.

The profile outlines steps that organizations “can take now” to help recover from a future ransomware event, including:

  • Develop and implement an incident recovery plan that has defined roles and strategies for…