Another day, another organization brought to it's knees by ransomware. What can you do to protect your business from this type of devastation?
Last August, Louisiana Governor John Bel Edwards declared a state of emergency.
This wasn’t due to a hurricane or any kind of natural disaster. The state of emergency was declared because an employee clicked a link in an email and downloaded ransomware.
This single mistake infected three school districts, making all files encrypted and inaccessible. Cyber security experts in the National Guard were called in to attempt to resolve the issue before the school year even began.
However, your business certainly can’t call in the National Guard for assistance, so you better hope your employees know enough to prevent these kinds of problems in the first place!
With ransomware, your data is held hostage. You have no way to access it without paying the amount of money demanded by the attackers. You can’t run an anti-virus software to clean your machine. You can’t ask your IT guy for help. You are at the mercy of your attackers.
Also, don’t think you're too small to be infected. Hackers know that small businesses usually have fewer security resources than larger entities, and for that reason, 71% of ransomware attacks targeted small businesses in 2018.
In response to the Louisiana event, the Cybersecurity and Infrastructure Security Agency (CISA) released a ransomware statement with recommendations for government agencies, but these three points can be applied to every business, not just government entities.
Three Things You Can Do To Protect Your Business From Ransomware Attacks
1. Backup Your Systems Now (and Daily)
Regular backups keep your data safe - but make sure you are using the RIGHT backup and recovery solution!
In the event of a ransomware attack, hardware failure or even a natural disaster, external data backups can salvage your information.
You also need to make sure the scheduled backups are working properly, so you need to test them fully on a regular schedule. CISA also recommends fully patching and updating all software and firmware after recovering data from a backup.
Don't have an automated solution for updating and patching your software? Consider outsourcing this and other manual functions to an IT Services Provider.
2. Reinforce Basic Cyber Security Awareness and Education
In some cases, like the recent Capital One data breach, a technical mistake (in this case, a mis-configured Web Application Firewall) can create openings for cyber criminals.
However, ransomware and all phishing techniques “Require the human element to succeed.”
You have to click the bad link or open the infected attachment for the ransomware to be installed. Basic knowledge of threats, such as what phishing attempts look like or how to check a link’s authenticity, is useful to everyone.
END USERS MUST BE TRAINED! Consider looking into Phishing Prevention Training.
3. Revisit and Refine Cyber Incident Response Plans
All organizations need to have a true business continuity plan. There is a big difference between data backup and business continuity!
A clear and detailed description of the data recovery process in the event of an emergency can keep your business running, even in the face of disaster.
If you don't have the in-house talent that can provide this, consider working with a professional IT consulting firm to ensure you're properly covered.
Untrained Employees are the Reason Ransomware Works!
Cyber attacks like phishing and ransomware simply don’t happen without a person being deceived. A recent study found that 91% of cyber attacks start with a phishing email.
All the firewalls and anti-virus software in the world can’t prevent the dangers of an uneducated user.
End users are the easiest target for attackers. Your spam filter may be good, but eventually a phishing email will sneak through, and an uneducated user may click a link that ends your business entirely.
Don’t think you can beat the system. Ransomware works. Sometimes, there’s simply nothing you can do besides pay the money and hope your data is returned to you. In June, with no other viable option, a city in Florida paid $600,000 in return for access to their own files.
The good news in all of this is, an infected link can’t do anything to your business if it’s never acted upon. Once your employees know what too look for in a malicious email, they'll be triggered into vigilance every time they receive an email from an unknown contact.
But of course, you'll have to get those users trained first.
There has to be a better option than telling everyone not to click any email hyperlinks and keeping a half million in cash around to pay the inevitable ransom, right?
Cyber Security Services Can Stop Ransomware Proactively
Sure, you can forward that email with news of the latest data breach to the entire company. You can also send out links to YouTube videos on phishing prevention, hoping employees watch them. Your emails will most likely end up unread in the Deleted Items folder.
The best option is simply to call in the cyber security experts who can offer you ongoing managed cyber security services.
This includes phishing prevention training which should be a requirement for any business that takes their data security seriously. A 12-month campaign that educates, tests, and reports back to all of your employees on the latest cyber attacks ensures that everyone from the secretary to the CEO is aware of every type of threat in today’s business tech.
You should also consider Endpoint Detection and Response (EDR). With EDR, you’ll have a constant, state-of-the-art adaptive protection solution monitoring every workstation on your network. The best part is, you don’t have to lift a finger. EDR is supported 24/7 by our team of security experts. They respond immediately to any threat, and resolve the issue without interrupting your work day.
Don’t let your business become another statistic. Call today to start a security audit risk assessment from our trusted experts, schedule your user training, and do your due diligence to keep the data you work with every day safe from digital threats!