How to protect your business from Ransomware
🕒 2 min read
✏️ James McNab
Sneaking in the back like the naughty kid who’s late for school is the latest challenge: defending your business against a rising tide of cyber crime.
Specifically, one of the biggest challenges facing small and medium businesses today is how to combat Ransomware.
What is ransomware?
Ransomware encrypts your files without your consent, and only the developer of the ransomware holds the key needed to decrypt them. Some forms of ransomware also spread across the network, as we saw in the case of WannaCry in 2017.
Once the infection is complete, a message will appear on your screen, demanding that you pay a ransom in bitcoins for your data. A typical ransom can be anywhere from £200 to £10,000, but some organisations have paid a lot more.
Crucially, Ransomware tends to work because cyber criminals understand their targets—down to their likes and dislikes and how they conduct business. They know what they will pay for their data to be released, and they exploit any weakness they find ruthlessly.
Targeted organisations often believe that paying the ransom is the most cost effective way to get their data back – and unfortunately, this might be true. The problem is that every single business that pays to recover its files is directly funding the next generation of Ransomware.
Why are SMBs a target for Ransomware?
Very often, Ransomware campaigns rely on a ‘human being’. Rather than trying to break through layers and layers of security technology that most enterprises have, if hackers can get someone to click on a link or open an attachment that contains malware, it’s very often “job done”.
Employees therefore play the important role of being the first line of defence.
Here are some best practices to defend your business against Ransomware:
1. Conduct regular employee cyber security awareness and training
This should be engaging and focus on the latest information on security threats and tactics. That way, they’ll understand better why you have strong password requirements and the role of authentication in security.
2. Explain incident reporting procedures to your employees
Ensure that users feel comfortable reporting security incidents, with messages like ‘You’re the victim, not the perpetrator’ and ‘The cover up is worse than the event’.
3. Remember to cover physical security
Although they’re less common than other forms of social engineering, physical threats such as ‘dumpster diving’, ‘shoulder surfing’ and tailgating should be reiterated to users along with your visitor escort policy; tailgating in particular potentially threatens their personal safety as well as information security.
4. Perform ongoing risk assessments
Identify security weaknesses in your organisation, for example by conducting periodic port and vulnerability scans. Ensure solid and timely patch management (a lack of this is what allowed WannaCry to spread so rapidly), and centralise security logging on a secure log collector or security information and event management (SIEM) platform. Make sure you frequently review and analyse log information.
5. If the worst does happen, then ensure your network is segmented to the extent that user privilege is limited
This will help limit ‘privilege creep’, where an attacker tries to obtain some form of administrative rights on the network and thereby cause more damage.
Find out more on network security on our dedicated page for small and medium businesses.
6. And of course, never underestimate the importance of regularly backing up critical systems and data!
Regularly test those backups to ensure they can be restored, and also make sure they’re encrypted and maintain them offline or on a separate backup network.
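As an added illustration of the restore test recommended above (example code written for this page, not code from the original article), the routine below records a SHA-256 manifest when a backup is taken, later restores the archive into a scratch directory and checks every file against that manifest, and reports a missing file or an unreadable archive rather than passing silently. The sample files, the archive and the simulated corruption are all constructed inline; encrypting the archive and keeping it offline are assumed to be handled elsewhere.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def create_backup(source: Path, archive: Path) -> dict:
    """Archive `source`; return a manifest (relative path -> SHA-256) to keep separately from the archive."""
    manifest = {str(p.relative_to(source)): sha256_file(p)
                for p in sorted(source.rglob("*")) if p.is_file()}
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return manifest

def restore_test(archive: Path, manifest: dict) -> list:
    """Restore into a scratch directory and list everything not recovered byte-for-byte."""
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                if hasattr(tarfile, "data_filter"):  # refuse path-traversal and device members where supported
                    tar.extraction_filter = tarfile.data_filter
                tar.extractall(scratch)
        except Exception as exc:  # truncated or bit-rotted archive: nothing in it can be trusted
            return [f"archive unreadable: {exc}"]
        for rel, digest in manifest.items():
            restored = Path(scratch) / rel
            if not restored.is_file():
                problems.append(f"missing: {rel}")
            elif sha256_file(restored) != digest:
                problems.append(f"hash mismatch: {rel}")
    return problems

def demo() -> tuple:  # constructed sample: a sound backup, an incomplete archive, a corrupted archive
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "data"
        (src / "reports").mkdir(parents=True)
        (src / "reports" / "q1.csv").write_text("invoice,amount\n1001,250\n")
        (src / "notes.txt").write_text("constructed sample file\n")
        archive = Path(work) / "data.tar.gz"
        manifest = create_backup(src, archive)
        good = restore_test(archive, manifest)  # every file restores and matches
        missing = restore_test(archive, dict(manifest, **{"reports/q2.csv": "0" * 64}))  # file never backed up
        raw = bytearray(archive.read_bytes())  # simulate bit-rot in the middle of the archive
        raw[len(raw) // 2:len(raw) // 2 + 32] = b"\xff" * 32
        archive.write_bytes(bytes(raw))
        corrupt = restore_test(archive, manifest)
    return good, missing, corrupt
```

Run `demo()` to see the three outcomes; in practice the manifest lives with the backup catalogue, not next to the archive it describes, so a tampered or rotted archive cannot rewrite its own checksums.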
Read our 2018 SMB cyber security report for the latest threats and how to defend your business against them.
To see more about the important role that people play in defeating Ransomware, take a look at this ‘Anatomy of an Attack’ video:
For more details on how you can build a robust security defence against Ransomware, visit our dedicated web page.