From the attack on Hackney council to the Kaseya attack that demanded $70 million USD, ransomware is posing more of a threat than ever, especially thanks to COVID-19. For those who are unfamiliar, ransomware is a type of malware that is stealthily installed on an unsuspecting user’s PC to extract money from their organisation. Before we go into how to protect yourself from ransomware, let’s first address…
How is ransomware used against businesses and what are the risks of not protecting against it?
Ransomware is designed to encrypt data on a user’s computer, leaving the hacker with control over the computer. To win back control, the victim must pay the hacker a ransom to decrypt their data. On top of that, ransomware can easily spread beyond a single computer, infecting an entire network and its devices. This can cause millions more in damage, by completely shutting down an organisation and its customers, not to mention ruining a business’s reputation.
How to protect yourself from ransomware
Ensure your antivirus is up to date
Antivirus software is always trying to stay one step ahead of cybercriminals, which is why it receives regular updates. Failing to update your antivirus can leave your systems exposed to newer, smarter cyber threats that an out-of-date antivirus won’t be prepared for.
Enable multi-factor authentication
Having a second authentication factor in the form of an OTP (one-time password) or a piece of biometric data such as a fingerprint scan can be a great belt-and-braces approach; an attacker might crack one password, but they are less likely to crack an additional layer of authentication as well.
Apply software patches to keep systems up to date
Similarly, your IT software is constantly being updated and patched so that there are no easy opportunities for hackers to take advantage of. Keep all your software up to date to avoid hackers exploiting its weak spots.
Allow as little permission as possible
Should a criminal break into a device on your network, you’ll want to give them as little access to the rest of the network as possible. This means employing the principle of least privilege: giving your employees the minimum amount of access they need to do their jobs. Combining this with application whitelisting – only permitting certain apps to run on your IT – can be a great belt-and-braces approach.
Go beyond antivirus
Your standard antivirus is no longer enough. To stay one step ahead of the cyber criminals you’ll need anti-malware or advanced threat protection which can help prevent attacks before they even occur.
Use a VPN
Public Wi-Fi, typically found in airports and coffee shops, does not have the same level of protection that your office Wi-Fi will. Thankfully, accessing it through a VPN puts a protective layer between you and the public Wi-Fi, so it’s important to remind your employees to use a VPN in these situations, as it’s the safest method when using public Wi-Fi.
Be wary of the Dark Web
Your business’s passwords and employee data will be of considerable value to the right buyer on the Dark Web. A Dark Web scan can check whether they’ve fallen into the wrong hands and whether they need changing.
Ensure your data is backed up
Sometimes cyber criminals can compromise your security despite all your best efforts. Should you face a worst-case scenario, you’ll need an up-to-date backup of your entire business’s IT to restore from. As best practice, it should be tested regularly to ensure it covers everything you need.
Train staff to handle phishing scams properly
This is a big one, and probably the most important point on this list. Scammers know that your employees will be the weakest line of defence, which is why they pepper cyberspace with phishing scams. Your team must be trained to never click on unsafe links, never download from unknown sources, and be able to spot a phishing scam a mile off. This is where good training comes in.
Sometimes the worst does happen. That’s why, to complement every piece of ransomware defence, there should be a solid backup and recovery plan. Good cyber security should be a holistic solution: all of the above implemented, plus a plan to stick by should the defences not work.