The 3 Things You Must Do Right Now to Protect Your Business from Ransomware Attacks
Ransomware is one of the single most significant security threats all small businesses face right now. Covid-19 quickly forced the world to pivot to working remotely and move more data to the cloud. This rapid global shift forced small businesses to adapt so fast that, in many cases, security was (and may still be) an afterthought.
Meanwhile, the bad guys have not taken a vacation. Instead, the number of ransomware attacks spread by leveraging our fear and confusion about the virus has grown. Email is the favored ransomware delivery method. The subject line and content matter related to the virus not only make it through spam filters, but they play upon our curiosity and fears.
Ransomware is a specific type of malware. Once activated on your network, ransomware slowly and quietly encrypts your data files. The software scrambles the document and program files in the background, reaching out to shared resources such as external hard drives, USB drives, and network folders.
Once the ransomware has completed its mission of making your data completely inaccessible, it then announces itself and presents your business with a choice. Pay the ransom to retrieve your data or lose it forever. More shocking is that criminals are now threatening to publicly expose your company as having had a data breach. Not only does this include releasing the data publicly, but criminals have even taken out Facebook ads advertising the fact that the business has been breached.
The news is full of reports about large companies, hospitals, and even government agencies that faced ransoms in the millions. However, many small business owners believe that they are not a target because they are not ‘big enough’ and are not in ‘that industry.’
The truth is, however, that ransomware attacks happen across all industries and businesses of all sizes, even those with just a few computers. According to some industry reports, average small business ransoms range from $4,300 to $5,600. I do not know about you, but that’s not chump change for my business.
More damaging, however, are the reputational effects and the cost of downtime and lost productivity that affected small businesses face. It can take days or weeks to restore systems. Of course, your business’s additional cost is in the IT cleanup and recovery itself. All told, these costs can add up to tens or hundreds of thousands of dollars.
If the thought of your business being held ransom by a bunch of criminals, losing thousands of dollars, and halting operations makes your blood boil, then here are the three key steps you need to take now.
First, know that no security solution is 100% effective. The best security a small business can implement is a layered approach. Layered security means that you are implementing many separate security components to block as many entry points for the malware as possible. No single layer is expensive, but together they create an excellent deterrent and protection.
There are 7 layers of security I recommend to my clients.
Still, the three below are my minimum must-haves to protect your company. The first recommendation may seem unusual, especially because it is not commonly thought of as a security measure. I am talking about your backup. Although this is the last defense against ransomware, I will address it first. It is the most overlooked, and most business owners get it wrong.
It is no longer adequate to rely on external hard drives or file syncing tools like Dropbox. There are five key factors you must have in your backup. For this discussion, I am going to emphasize backing up essential computers, including servers. Still, the same rules apply to backing up any data you may have, even if it is already stored in the cloud somewhere.
Your backup must be taking complete snapshots, that is, images of your system. These images take a picture of the entire computer, not just the data itself. This single factor alone can make the difference between taking hours and taking days to recover from a cyberattack. Image-based backups allow your IT company to quickly restore your devices, in their entirety, from the backup without reinstalling your computers from scratch, a tedious and time-consuming process.
Further, your backup must be occurring more than once per night. Ideally, your backup takes snapshots multiple times throughout the day. This should be at least 3 or 4 times during your workday. A snapshot that is just an hour or two old reduces your data loss and the time required to recreate any recent input data.
Next, the backup must be automated and verified. In the over thirty years in this industry, I have seen very few businesses that have the discipline to ensure that backups are regularly occurring. Nobody even checks to see if the backups worked. A corrupt or failed backup is worthless.
Lastly, the backups must be offsite. This does not mean it is stored in your car or even in your home. Why? If you are taking your backup home every night, it is likely to be on an external drive. That external drive is exposed to theft and damage, and it is surely not encrypted. The backup solution should securely encrypt the data and deliver it to a secure offsite location without your intervention. Encrypted data, even if intercepted, does not expose the actual contents. The breach does not have to be reported if the data was encrypted.
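One way to automate the "verified" rule above, as an added example that is not the author's or any backup vendor's tooling: a check that scores a constructed snapshot log against the four requirements just described (image-based, several per day, checksum-verified, encrypted offsite). The record format, the 4-hour freshness limit and the 3-per-day minimum are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
import hashlib

# Constructed record format; a real backup product would export its own job log.
@dataclass
class Snapshot:
    taken_at: datetime
    kind: str        # "image" = whole-system image, "files" = data files only
    offsite: bool    # delivered to the offsite location?
    encrypted: bool  # encrypted before leaving the site?
    sha256: str      # checksum the backup job recorded when it wrote the snapshot
    data: bytes      # stand-in for the stored snapshot blob

def verified(s: Snapshot) -> bool:
    """A snapshot only counts if the stored blob still matches its recorded checksum."""
    return hashlib.sha256(s.data).hexdigest() == s.sha256

def check_backups(snaps, now, max_age_hours=4, min_per_day=3):
    """Apply the four rules; an empty list of findings means the backup is healthy."""
    findings = []
    good = [s for s in snaps if verified(s)]
    if len(good) < len(snaps):
        findings.append(f"{len(snaps) - len(good)} snapshot(s) failed checksum verification")
    if not good:
        return findings + ["no verified snapshot exists at all"]
    newest = max(good, key=lambda s: s.taken_at)
    if now - newest.taken_at > timedelta(hours=max_age_hours):
        findings.append(f"newest verified snapshot is {now - newest.taken_at} old (limit {max_age_hours}h)")
    recent = [s for s in good if now - s.taken_at <= timedelta(hours=24)]  # trailing day as the "workday" proxy
    if len(recent) < min_per_day:
        findings.append(f"only {len(recent)} verified snapshot(s) in the last 24h (want at least {min_per_day})")
    if not any(s.kind == "image" for s in recent):
        findings.append("no whole-system image in the last 24h, only file-level copies")
    if not any(s.offsite and s.encrypted for s in recent):
        findings.append("no encrypted offsite copy in the last 24h")
    return findings

def make(now, hours_ago, kind="image", offsite=True, encrypted=True, corrupt=False):
    """Build a constructed snapshot; corrupt=True simulates a blob damaged after its checksum was recorded."""
    data = f"snapshot-{hours_ago}h".encode()
    digest = hashlib.sha256(data).hexdigest()
    if corrupt:
        data += b"\x00"
    return Snapshot(now - timedelta(hours=hours_ago), kind, offsite, encrypted, digest, data)

NOW = datetime(2020, 11, 16, 17, 0)
HEALTHY = [make(NOW, h) for h in (2, 6, 10, 14)]  # four verified images today, all encrypted offsite
BROKEN = [make(NOW, 2, corrupt=True), make(NOW, 30, kind="files", offsite=False)]

if __name__ == "__main__":
    for name, log in (("healthy", HEALTHY), ("broken", BROKEN)):
        print(name, check_backups(log, NOW) or "OK")
```

Run the same check from a scheduled job against your real backup log so that a silently failing backup raises an alert instead of being discovered during a restore.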
The next layer you cannot avoid is a quality email filtering system. I am not talking about the junk mail or spam folder in your software or the one provided by the email provider. Since 90% of ransomware is delivered directly to you and your staff via well-crafted emails designed to bypass most spam filters, you need something more substantial.
A quality email filtering solution should be provided by another party. Why? Because you want to stop that malicious email from ever hitting your inbox in the first place. By implementing a solution outside of your current provider’s, you save space, reduce backup costs, and of course, protect yourself from malware.
Do not stop there, though. Your email filter should also contain what we call URL protection. Since malware and identity thieves will frequently include a link to a website, you must block that as well. With URL protection in place, the email filter rewrites each website address in an email. When you click a link in your email, the filter evaluates the link before either sending you on to the destination or blocking it.
The final layer I want to discuss is training and education. Even cybersecurity experts admit to being tricked by the ever-changing scams and phishing emails. If professionals fall victim to the very thing that they are experts on, how can you and your staff feel confident in your ability to discern a legitimate message from a professionally crafted swindle?
You need good healthy paranoia, combined with ongoing training for your staff. Regular training may include webinars and seminars. However, it is also essential to be even more proactive about this.
I recommend investing in a service that regularly sends test emails to your staff, records their results, and educates them when they click a malicious link or enter credentials into a test site. These services may even include additional regular training videos.
Protecting against today’s ransomware has been made more difficult by everything in 2020. Criminals leverage remote workers and prey on our fears. This has led to increased ransomware attacks on all businesses in all industries and of all sizes.
A robust, automated, and frequent backup solution helps you recover quickly. The right type of email filtering provides two additional protection layers by filtering known spam and phishing attempts and reviewing links to malicious websites. Lastly, we are always the weakest link. Implement a regular education program that adapts to the changing cyber threats and tests your users regularly.
While there are other layers of security you should implement, these three deserve your extra attention given today’s new work environments.