How to create and manage the ransomware policy?

Follow these steps to setup and manage the ransomware policy in SysCloud Safety, Security & Compliance App:

  1. Log in to the SysCloud Application with your account credentials.

  2. Click “Safety, Security & Compliance”→“Create Policy.”

    Create policy
  3. Click “Ransomware” on the left pane.

    1. Click on the ransomware option on the left pane
  4. Click on the “COPY AND ACTIVATE POLICY” for instant policy activation. To customize the policy select the “VIEW AND EDIT POLICY” option.

    2. Customize the policy
  5. Create a name for the ransomware policy.
  6. Select the scope for the policy: users, groups, org units, or the entire domain, and click “NEXT.”

3. Select the users and domain

7.  Select the accounts where the policy needs to be applied and click “NEXT.”

4. select the accounts to which the policy applies

8. Choose additional domains, user, or org units to be excluded or included in the scope of the policy and click “NEXT.”

5. Exclude or include users

9. Select the cloud service to protect – you can choose Google Drive, OneDrive, or both – and click “NEXT.”

Choose the service

10. Choose the ransomware file types to scan and click “NEXT.”

Ransomware types

11. Select one or both the real-time actions for ransomware violations:

    1. Transfer file ownership to another user
    2.  Remove all access and quarantine files

8. Define real-time actions

12. Select whether you want to allow users to request exceptions on policy violations and click “Next.”

9. Manage exceptions

13. Choose the team members to be notified in case of policy violations. You can also select whether the policy violations need to be included in the weekly and daily threat reports.

Phishing  - incident reporting

14. Click “CREATE & ACTIVATE.”

Create and activate

Once the policy is active you will receive violation alerts based on your policy settings. Follow these steps to view and manage policy violations:

  1. Navigate to “Safety, Security & Compliance”→“Violations.”

11. Select violations

2. Select “Ransomware” on the left pane.

3. Click on the vertical ellipses on the right-hand side of the screen to view the violation or to share it with another user.

View violation

4. Select one or more violation(s) to perform the following actions:

    1. Remove all sharing
    2. Remove link sharing
    3. Remove external domains
    4. Restore sharing
    5. Take control from the owner
    6. Apply encryption
    7. Dismiss
    8. Remove all access and quarantine

Violation actions