Ransomware attacks are becoming a major problem for businesses all over the world, and their occurrences have risen significantly in Canada.
According to a survey conducted in October of 2019, 88% of Canadian businesses said they experienced a data breach during the year prior. And south of the border, the FBI reported a decrease in the number of broad ransomware attacks but an increase in the number of losses that victims suffer.
A ransomware attack can put a stranglehold on your business and cost you significant amounts in lost revenue and damaged reputation.
To avoid getting caught in this trap, you need to take steps to protect your data and your business.
Here are 6 steps you can take to protect yourself from ransomware attacks:
1. Update Antivirus Software
It may seem like an obvious step, but many businesses forget to keep their antivirus software up to date.
Antivirus programs are powerful protection agents that are designed to spot suspicious behaviour and send you an alert. File encryption is one of the hallmarks of ransomware and an antivirus app can monitor files for these activities.
If your software is not up to date, it cannot help keep you safe from the latest cybersecurity threats.
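To make the "file encryption is a hallmark" point concrete, here is a simplified sketch of one signal behaviour-based tools can use: a burst of file rewrites whose contents jump from structured data to near-random bytes. This is an added example, not code from any antivirus product; the thresholds, file names and sample contents are assumptions constructed for the illustration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off (ciphertext sits near 8.0)
JUMP_THRESHOLD = 2.0     # assumed minimum rise over the file's previous entropy
BURST_THRESHOLD = 3      # assumed number of suspicious rewrites that raises an alert


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def looks_encrypted(before: bytes, after: bytes) -> bool:
    """True when a rewrite turned structured content into near-random bytes."""
    # Requiring a jump avoids flagging files that were already compressed or encrypted.
    h_after = shannon_entropy(after)
    return h_after >= ENTROPY_THRESHOLD and h_after - shannon_entropy(before) >= JUMP_THRESHOLD


def fake_ciphertext(seed: bytes, size: int) -> bytes:
    """Constructed stand-in for encrypted output: a deterministic SHA-256 counter stream."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(size // 32 + 1))
    return b"".join(blocks)[:size]


def scan_rewrites(events):
    """events: (path, old_bytes, new_bytes) tuples. Returns (alert, flagged_paths)."""
    flagged = [path for path, old, new in events if looks_encrypted(old, new)]
    return len(flagged) >= BURST_THRESHOLD, flagged


# Constructed sample data: four documents, three overwritten with random-looking bytes.
DOC = b"Invoice 1042: client ACME, amount due 1,250.00 CAD, net 30 days.\n" * 64
SAMPLE_EVENTS = [
    ("invoices/1042.txt", DOC, fake_ciphertext(b"a", len(DOC))),
    ("invoices/1043.txt", DOC, fake_ciphertext(b"b", len(DOC))),
    ("notes/meeting.txt", DOC, DOC + b"Follow up on Tuesday.\n"),  # ordinary edit
    ("hr/payroll.csv", DOC, fake_ciphertext(b"c", len(DOC))),
]

if __name__ == "__main__":
    alert, flagged = scan_rewrites(SAMPLE_EVENTS)
    print("ALERT" if alert else "ok", flagged)
```

Entropy alone is a weak signal, which is why the sketch also requires a jump from the previous contents and several hits before alerting.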
2. Know What is Connected to Your Network
Company PCs and servers will be connected to your network, so keeping them protected is central to protecting your company’s data. However, they aren’t the only devices connected to your network.
With mobile devices, remote workers, and the internet of things, there are many devices connecting to your network. Unfortunately, many of these devices lack crucial security features. Because of this, they are possible points of entry to your otherwise secure systems. Ransomware attackers seek out these types of security loopholes.
It’s important to limit these connections wherever possible. You can do this by configuring the privilege settings for IP access and by limiting the number of people who are able to install and run software on connected devices.
Managing privileged accounts in this way can provide ransomware protection and restrict backdoor access points from being created on your network. The fewer openings you have, the easier it will be to find and contain any malicious attacks.
3. Train Your Staff
No matter what steps you take to protect your data, your security measures may still be ineffective if your staff is unprepared for malicious attacks.
One of the most common ways that ransomware accesses your system is through email. Malware is easy to spread in simple email chains. It is a cheap and easy action for hackers and, unfortunately, quite effective.
Train your staff to recognize the hallmarks of suspicious emails:
- Don’t open emails from senders they do not recognize
- Don’t click on links in an email unless they are certain it is legitimate
- Don’t open attachments they are not expecting to receive, particularly those that ask them to enable macros
For additional security, consider adding two-factor authentication.
Make sure that, at the very least, your employees and staff understand the risks that can enter your network through emails and that proper precautions are just a part of their daily routine.
4. Change Default Passwords
Sometimes the simplest steps are the ones that are going to keep you most safe.
Brute force attacks and remote desktop protocol (RDP) attacks are also common ways for ransomware to spread. Hackers attempt to access servers or other devices by trying as many passwords as they can. In many cases, they will employ bots to increase their chances of getting the right password.
If your company has not changed its default passwords, or the passwords it uses are weak, easy-to-guess combinations, then it is only a matter of time before an attack finds this weakness and takes advantage of your company.
Beyond using strong passwords, consider changing your RDP port or limiting its availability to only the devices that need it.
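The password-guessing pattern described in this step is visible in logon records, so it can be detected as well as prevented. The following added example (not from the original article) flags sources with too many failed logons in a sliding window and notes whether a success followed; the log format, thresholds and addresses are assumptions constructed for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed sliding window
MAX_FAILURES = 5               # assumed failures per source tolerated inside the window

# Constructed sample log; assumed format: "timestamp,source_ip,user,result", sorted by time.
SAMPLE_LOG = """\
2020-01-15T02:10:01,203.0.113.7,administrator,FAIL
2020-01-15T02:10:09,203.0.113.7,administrator,FAIL
2020-01-15T02:10:15,203.0.113.7,admin,FAIL
2020-01-15T02:10:22,203.0.113.7,admin,FAIL
2020-01-15T02:10:30,203.0.113.7,backup,FAIL
2020-01-15T02:10:41,203.0.113.7,backup,FAIL
2020-01-15T02:10:55,203.0.113.7,backup,SUCCESS
2020-01-15T09:01:10,192.0.2.10,jsmith,FAIL
2020-01-15T09:01:40,192.0.2.10,jsmith,SUCCESS
"""


def detect_bruteforce(log_text):
    """Return {source_ip: {"peak_failures": n, "success_after": bool}} for sources over the limit."""
    recent = defaultdict(deque)  # source_ip -> failure timestamps still inside the window
    findings = {}
    for line in log_text.strip().splitlines():
        stamp, source, _user, result = line.split(",")
        when = datetime.fromisoformat(stamp)
        if result == "FAIL":
            window = recent[source]
            window.append(when)
            while when - window[0] > WINDOW:  # drop failures older than the window
                window.popleft()
            if len(window) > MAX_FAILURES:
                hit = findings.setdefault(source, {"peak_failures": 0, "success_after": False})
                hit["peak_failures"] = max(hit["peak_failures"], len(window))
        elif result == "SUCCESS" and source in findings:
            # A logon succeeded after a guessing burst: treat the account as compromised.
            findings[source]["success_after"] = True
    return findings


if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

A single mistyped password, like the second source in the sample, stays below the limit and is not reported.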
5. Manage Assets
It may not be necessary to protect ALL of your files but it will be necessary to protect SOME of them.
It is important that you know which assets and pieces of data are most important to your business. Is it client health records? Financial and accounting records? Whatever it is, you need to be aware of sensitive assets so your ransomware protection plan makes sense for your data.
While it is ideal to have a full backup and recovery plan in place, you should, minimally, have vital protections in place for your most valuable assets.
6. Create an Effective Backup Strategy
Probably one of the best, and most important, steps in ransomware protection is creating and implementing an effective backup strategy. In fact, a proper disaster recovery plan can help protect you in a number of scenarios from natural disasters to malicious attacks on your networks.
One of the easiest ways to do this is to hire a cloud backup service. Providers like Mastermind Backup that offer solutions like ACRONIS can offer peace of mind through the enhanced ACRONIS ransomware protection.
Choose the cloud backup solution that fits your needs. You don’t need to pay for a terabyte of storage if you only need to back up a small number of files, for example.
From there, set up a backup schedule. For those in the medical, legal, or accounting industries, it is likely that you will be inputting data and making changes to files on a daily basis. In these instances, it might be wise to establish a daily backup that takes place overnight.
The more frequently you back up to the cloud, the less data you stand to lose and the easier it will be to recover and get your business back on track.
Ransomware attacks are a common threat to any business that accesses the internet. But just because these types of attacks are common, it does not mean you have to fall victim! By taking the 6 steps laid out above, you can keep your data, your business, and your bottom line safe.