Keep your company protected from cybercrime

Ransomware and Extortion Attacks

1. Data Backup & Recovery Policy

  • Implement automatic, encrypted, and offsite backups of critical data.
  • Use the 3-2-1 backup rule (3 copies, 2 different media, 1 offsite).
  • Regularly test backup restoration to ensure data can be recovered.
  • Store backups so that ransomware, even when it runs with stolen admin credentials, cannot modify or delete them (e.g., offline/air-gapped copies or immutable, write-once storage with retention locks).

2. Endpoint Security & Antivirus Policy

  • Deploy next-gen antivirus (NGAV) and endpoint detection & response (EDR) tools.
  • Require real-time scanning of files and attachments for malware.
  • Block unauthorized software installations using application whitelisting.
  • Automatically isolate infected devices to prevent lateral movement.

3. Email & Phishing Protection Policy

  • Implement email filtering and scanning to block phishing attempts.
  • Publish SPF and DKIM records for every sending domain and enforce DMARC (p=quarantine, then p=reject) so that mail spoofing your domains is rejected rather than merely reported.
  • Train employees to recognize malicious email attachments, links, and social engineering attacks.
  • Disable macros in email attachments by default (block macros in any file that arrived from the internet) and grant exceptions only for a documented business need.
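The SPF, DKIM and DMARC settings above are only useful if the published records are actually strict. The following checker is an added example (not part of the original policy page); it parses constructed SPF, DMARC and DKIM TXT records and flags the weak settings that leave a domain spoofable (an open "+all", p=none, partial pct, a missing rua address, a DKIM key in testing mode). The sample records, domain names and the DKIM key placeholder are constructed so it runs offline; in practice the strings come from TXT lookups of <domain>, _dmarc.<domain> and <selector>._domainkey.<domain>.

```python
"""Check SPF, DMARC and DKIM TXT records for settings that leave a domain spoofable.

Added example, not from the original policy page. The records below are
constructed so the script runs offline.
"""
import re

SPF_LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
SPF_LOOKUP_LIMIT = 10          # RFC 7208 section 4.6.4


def parse_tags(record):
    """Parse a 'k=v; k=v' (DMARC/DKIM-style) record into a dict of lower-cased tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags


def check_spf(record):
    """Return a list of findings; an empty list means the record looks sound."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["missing or malformed SPF record (expected it to start with 'v=spf1')"]
    findings = []
    lookups = 0
    for term in terms[1:]:
        # strip the qualifier (+ - ~ ?) and keep the mechanism/modifier name
        name = re.split(r"[:=/]", term.lower().lstrip("+-~?"), 1)[0]
        if name in SPF_LOOKUP_MECHANISMS:
            lookups += 1
        if name == "ptr":
            findings.append("'ptr' mechanism is deprecated and unreliable; replace it with ip4/ip6 or include")
    if lookups > SPF_LOOKUP_LIMIT:
        findings.append(f"{lookups} DNS-lookup mechanisms exceed the limit of {SPF_LOOKUP_LIMIT}; "
                        "receivers return permerror and the record stops protecting you")
    last = terms[-1].lower()
    if last in ("all", "+all", "?all"):
        findings.append(f"'{terms[-1]}' lets any host send as this domain; end the record with '-all'")
    elif last == "~all":
        findings.append("~all (softfail) only flags unmatched senders; use '-all' once every legitimate sender is listed")
    elif not last.endswith("all") and not last.startswith("redirect="):
        findings.append("no terminating 'all' mechanism; unmatched senders are treated as neutral")
    return findings


def check_dmarc(record):
    """Findings for the _dmarc.<domain> TXT record."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["missing or malformed DMARC record (expected 'v=DMARC1')"]
    findings = []
    policy = tags.get("p")
    if policy is None:
        findings.append("no 'p=' tag; receivers ignore the whole record")
    elif policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered. Move to p=quarantine, then p=reject")
    if tags.get("sp") == "none" and policy not in (None, "none"):
        findings.append("sp=none leaves every subdomain spoofable even though the apex domain is enforced")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct} applies the policy to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no 'rua=' address: aggregate reports are what tell you who is spoofing the domain")
    return findings


def check_dkim(record):
    """Findings for a <selector>._domainkey.<domain> TXT record."""
    tags = parse_tags(record)
    if tags.get("v", "DKIM1") != "DKIM1":   # the v= tag is optional but must be DKIM1 if present
        return ["malformed DKIM record (expected 'v=DKIM1')"]
    findings = []
    if not tags.get("p"):
        findings.append("empty or missing 'p=' means the key is revoked; every signature with this selector fails")
    if "y" in tags.get("t", "").split(":"):
        findings.append("t=y marks the key as testing; receivers treat failing signatures like unsigned mail")
    return findings


# Constructed records: a weak set beside its corrected form.
WEAK = {
    "spf": "v=spf1 include:_spf.mailer.example include:bulk.example.net +all",
    "dmarc": "v=DMARC1; p=none; pct=50",
    "dkim": "v=DKIM1; k=rsa; t=y; p=CONSTRUCTED_BASE64_KEY",
}
STRONG = {
    "spf": "v=spf1 include:_spf.mailer.example ip4:203.0.113.0/24 -all",
    "dmarc": "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc-reports@example.com; adkim=s; aspf=s",
    "dkim": "v=DKIM1; k=rsa; p=CONSTRUCTED_BASE64_KEY",
}


def assess(records):
    """Run all three checks and return {record_type: [findings]}."""
    return {"spf": check_spf(records["spf"]),
            "dmarc": check_dmarc(records["dmarc"]),
            "dkim": check_dkim(records["dkim"])}


if __name__ == "__main__":
    for label, recs in (("weak", WEAK), ("strong", STRONG)):
        for kind, findings in assess(recs).items():
            print(f"{label}/{kind}: {findings or 'OK'}")
```

Run the script against your own records by replacing the constructed strings with the output of a TXT lookup; the DMARC check intentionally treats p=none as a finding because monitoring mode is where most rollouts stall.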

4. Patch Management & Vulnerability Policy

  • Enforce regular software updates and patching of operating systems, applications, and firmware.
  • Use automated vulnerability scanning to detect security weaknesses.
  • Establish patching SLAs (e.g., high-risk vulnerabilities patched within 48 hours).
  • Require legacy system replacement if security updates are no longer available.

5. Network Segmentation & Access Control Policy

  • Implement Zero Trust Architecture (ZTA): grant each access request based on verified identity and device state, not on the device being inside the corporate network.
  • Use firewalls, network segmentation, and VPN restrictions to control traffic.
  • Restrict admin privileges to essential personnel only.
  • Require Multi-Factor Authentication (MFA) for remote access, VPNs, and privileged accounts.

6. Incident Response & Ransomware Playbook Policy

  • Develop a ransomware-specific response plan with clear roles and responsibilities.
  • Establish a crisis communication plan to notify stakeholders without worsening the situation.
  • Work with law enforcement & cybersecurity firms in case of extortion.
  • Prohibit employees from paying ransoms without executive approval.

7. Secure Remote Work & Bring Your Own Device (BYOD) Policy

  • Enforce VPN usage with encryption when accessing company resources remotely.
  • Mandate corporate security software on personal devices used for work.
  • Restrict the use of personal cloud storage for company files.
  • Enable remote wipe capabilities for lost or stolen devices.

8. Least Privilege & Admin Account Security Policy

  • Follow the Principle of Least Privilege (PoLP)—limit admin access to only what is necessary.
  • Require separate accounts for administrative tasks (no dual-purpose accounts).
  • Monitor and log privileged account activity for unusual behavior.
  • Implement Just-in-Time (JIT) access to reduce persistent admin privileges.

9. Threat Intelligence & Security Monitoring Policy

  • Deploy Security Information & Event Management (SIEM) systems for real-time threat monitoring.
  • Subscribe to cyber threat intelligence feeds to stay updated on new ransomware variants.
  • Require 24/7 security monitoring via internal teams or Managed Security Services Providers (MSSPs).
  • Conduct regular penetration testing to identify security gaps.
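Real-time monitoring is only as good as the detections loaded into the SIEM or EDR. The following is an added example (not part of the original policy page) of two classic ransomware detections run over constructed endpoint telemetry: one matches the commands attackers run to destroy local recovery options (shadow copy and backup-catalog deletion, disabling Windows recovery), the other uses a sliding time window to spot one process renaming many files to the same new extension, the signature of an encryptor at work. The event records and their field names (type, host, user, pid, image, cmdline, old_path, new_path, time) are assumptions for this example, not any vendor's schema.

```python
"""Two ransomware detections run over constructed endpoint telemetry.

Added example; not part of the original policy page. The event records are
constructed inline and the field names are assumptions, not a vendor schema.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Commands commonly run before encryption to destroy local recovery options.
RECOVERY_TAMPERING = [
    re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"\bwbadmin(\.exe)?\s+delete\s+catalog", re.I),
    re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no", re.I),
]

RENAME_THRESHOLD = 50                 # renames to one new extension by one process ...
RENAME_WINDOW = timedelta(seconds=60)  # ... within this window triggers an alert


def detect_recovery_tampering(events):
    """Alert on any process-creation event whose command line matches a tampering pattern."""
    alerts = []
    for e in events:
        if e["type"] != "process_create":
            continue
        if any(p.search(e["cmdline"]) for p in RECOVERY_TAMPERING):
            alerts.append({"rule": "recovery_tampering", "host": e["host"], "user": e["user"],
                           "pid": e["pid"], "cmdline": e["cmdline"], "time": e["time"]})
    return alerts


def _extension(path):
    """Lower-cased final extension of a Windows or POSIX path ('' if none)."""
    name = path.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def detect_mass_rename(events, threshold=RENAME_THRESHOLD, window=RENAME_WINDOW):
    """Alert when one process renames >= threshold files to the same new extension within window.

    The sliding window over sorted timestamps catches the burst even if the same
    process also renamed a few files hours earlier.
    """
    by_proc = defaultdict(list)
    for e in events:
        if e["type"] != "file_rename":
            continue
        key = (e["host"], e["pid"], e["image"], _extension(e["new_path"]))
        by_proc[key].append(datetime.fromisoformat(e["time"]))
    alerts = []
    for (host, pid, image, ext), times in by_proc.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"rule": "mass_rename", "host": host, "pid": pid, "image": image,
                               "new_ext": ext, "count": end - start + 1,
                               "first": times[start].isoformat(), "last": t.isoformat()})
                break                           # one alert per process is enough
    return alerts


def run_detections(events):
    return detect_recovery_tampering(events) + detect_mass_rename(events)


def build_sample_events():
    """Constructed telemetry: one tampering command, one benign command, a 60-file
    rename burst by pid 4242, and a handful of ordinary renames from Explorer."""
    t0 = datetime(2024, 3, 1, 9, 0, 0)
    encryptor = "C:\\Users\\jdoe\\AppData\\Local\\Temp\\svchost.exe"
    events = [
        {"type": "process_create", "host": "WS-17", "user": "CORP\\jdoe", "pid": 4242,
         "image": encryptor, "cmdline": "vssadmin delete shadows /all /quiet", "time": t0.isoformat()},
        {"type": "process_create", "host": "WS-17", "user": "CORP\\jdoe", "pid": 5100,
         "image": "C:\\Windows\\explorer.exe", "cmdline": "explorer.exe", "time": t0.isoformat()},
    ]
    for i in range(60):   # the encryptor renames a file every half second
        t = t0 + timedelta(seconds=0.5 * i)
        events.append({"type": "file_rename", "host": "WS-17", "pid": 4242, "image": encryptor,
                       "old_path": f"\\\\fs01\\finance\\q1\\report_{i}.xlsx",
                       "new_path": f"\\\\fs01\\finance\\q1\\report_{i}.xlsx.locked",
                       "time": t.isoformat()})
    for i in range(5):    # a user tidying files on the desktop
        t = t0 + timedelta(minutes=5 * i)
        events.append({"type": "file_rename", "host": "WS-17", "pid": 5100,
                       "image": "C:\\Windows\\explorer.exe",
                       "old_path": f"C:\\Users\\jdoe\\Desktop\\draft{i}.txt",
                       "new_path": f"C:\\Users\\jdoe\\Desktop\\final{i}.txt",
                       "time": t.isoformat()})
    return events


if __name__ == "__main__":
    for alert in run_detections(build_sample_events()):
        print(alert)
```

Tune the threshold and window to your file servers' normal rename rate, and wire the mass_rename alert to the automatic host isolation called for in the endpoint policy above: by the time a human reads it, an unisolated encryptor will have finished.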

10. Employee Cybersecurity Awareness & Training Policy

  • Conduct mandatory ransomware awareness training for all employees.
  • Run regular phishing and social engineering simulations.
  • Encourage a culture of reporting suspicious emails and activities immediately.
  • Implement a zero-tolerance policy for security negligence.