This year we have seen a number of large-scale ransomware attacks. This is a fast growing threat that has significant costs for businesses both large and small. continues to grow it is imperative that businesses put in place measures to enhance their defenses.
So what exactly is a ransomware attack? A ransomware attack is effectively a category of cyber attacks that involves breaching an organizations system. Once inside, the malicious software then encrypts key data and locks the owners out. The owner is then asked to pay a ransom in return for access to their data. This type of attack inevitably takes a significant toll on the business owner who is, typically, ill prepared to deal with the initial demand for payment let alone additional complications of figuring out where else the business is exposed such as bank accounts, customer records or other important data.
Ransomware is a rapidly developing threat that offers cyber criminals the ability to undertake large scale attacks on hundreds if not thousands of businesses. A ransomware attack can hit any size of business from a small start up to a multi-national organization and costs businesses billions of dollars in lost productivity without including the cost of the ransom.
So how can small businesses protect themselves from the risks associated with ransomware? Thankfully, small businesses can significantly reduce the threat by implementing just a few simple security measures. By implementing these measures this will help to make your business less susceptible to ransomware.
Back up your company’s data using external services
The number of companies providing external backup services has grown significantly over the past few years. This offers small businesses a robust and cost effective way to have your systems backed up and stored in the cloud. However, it is important that the data is encrypted. In the event of a ransomware event you business will still have access to your data. You can back up a range of important data including financial statements, banking details, accounts receivable, email servers and customer records. This can be done very quickly and efficiently and will offer significant benefits to your business. However, it is important that back ups are done on a regular basis.
Use software as a service rather on premise
Nearly every service required by a business today from email to HR to CRM to social media can be purchased as a service. This provides small businesses significant advantages and particularly from a security perspective. This is because you are only accessing these services through a web browser and the files are not stored on a computer and are therefore, far less exposed to ransomware. Furthermore, most SaaS companies have comprehensive back up systems in place. This is due to the fact that should they lose any clients data it would have a dramatic impact on their business. We would recommend asking about a providers back up systems and policies before you purchase the service. For small businesses using SaaS as service has other security benefits and whilst there is a fee for using these services they tend to be more affordable than purchasing a standard commercial license.
Use a password manager and extend this to your employees
Password managers provide an ideal mechanism to improve the development and maintenance of you and your employees passwords. They are particularly useful for enforcing better password practices and also offer a number of benefits when recovering from an incident. Most password managers provide a service to help you go through your active accounts and change passwords to prevent attackers from accessing those systems. This is a particularly important feature of many password managers as it will quickly and efficiently allow you to change all your passwords during an incident potentially preventing the attacker gaining access to those specific accounts.
It sounds obvious but the main cause of a ransomware attack is still through basic phishing. Phishing emails often masquerade as notifications from a delivery service, an e-commerce service, a law enforcement agency or a bank. Better still incorporate some security awareness training into your program to educate your teams on the potential threats that your business faces. By taking your teams through the various attack vectors and threats this will help to ensure that they are cyber aware.