Ransomware is such a growing problem that this past October the FBI put out an alert titled “High-Impact Ransomware Attacks Threaten U.S. Businesses and Organizations” to warn companies about the growing sophistication and increased cost of ransomware.
They’ve been collecting data for years on ransomware attacks in the U.S. and have found that these attacks are becoming more targeted and the losses companies experience as a result of them have increased significantly.
Small businesses are a particularly prime target of this type of crime because hackers bet on the fact that they may not have the same managed IT security and data security protections as larger companies.
A ransomware attack can be particularly insidious because it puts a business in ‘panic mode’: it has to make a decision immediately or risk losing its ability to continue operating at all.
How Does Ransomware Work?
Instead of taking a person hostage and demanding a ransom, this digital form of the crime takes your data hostage, making it unreadable and unusable. For example, for a hospital this can mean suddenly having no access to patient records and the inability to check in new patients or access any insurance data or scheduling information.
What ransomware does is encrypt your data so that your systems can’t read it. The hacker then demands a ransom, usually in untraceable bitcoins, to release to you an encryption key to undo their damage and get your files back.
How does ransomware infect your device and network?
Phishing emails with malicious links or attachments are by far the most common way. Here are the standard methods of infection for ransomware:
- Phishing emails
- Social phishing
- Software & OS vulnerabilities that are unpatched
- Attack on a vulnerable web server
How much does a ransomware attack cost?
The estimated cost per ransomware attack is $36,000. Costs go beyond the initial ransom requested and include the cost of downtime and lost productivity, loss of business, and emergency IT costs to reverse the damage and fortify the network.
Ransomware attack costs nearly tripled for companies in Q2 2019.
What Should You Do to Protect Your Office from Ransomware?
As ransomware has become more targeted and sophisticated over time, it’s become necessary to employ several strategies for defending your office against it.
The cyber defense best practices recommended include the following.
Keep Data Backed Up & Regularly Verify It
Companies that have a backup copy of all their data that they can easily restore never have to worry about paying a ransom. The ransomware attacker’s threat only works if you aren’t able to restore your data any other way.
Be sure to regularly verify that backups are running smoothly and that they haven’t stalled or run out of space. It’s also good to consistently check data integrity during a restore drill.
Have an Update & Patch Management Strategy in Place
A significant number of data breaches take advantage of software and operating system vulnerabilities that aren’t patched.
1/3 of data breaches are due to unpatched vulnerabilities.
If you’re relying on employees to apply updates to their devices and software, then you could end up with some of them not being applied in a timely manner and leaving your network vulnerable. The easiest way to ensure updates are being handled properly is to sign up for a Managed IT Services Plan with update and patch management.
Protect Emails from Spam and Phishing
With phishing being the number one delivery method for ransomware and other forms of malware, it’s important to have safeguards in place that can protect your users’ inboxes from malicious threats.
Using things like anti-phishing software and Hosted Exchange Email with modern authentication can help you reduce the chances that a phishing email will get clicked on and a device infected as a result.
Ongoing Employee Training & Awareness
To keep your team on their toes and help improve their cybersecurity hygiene, you should have regular data security and ransomware awareness training to help them understand the types of threats that company networks face. Tips on spotting phishing emails and steps on what to do if they spot something suspicious on their computer go a long way towards fortifying your security defenses.
Create Control Settings that Don’t Allow Scripts to Run Unchecked
Certain types of ransomware can be delivered via an innocent-looking Word document that, upon opening, automatically runs a macro that can initiate an infection. You want to ensure that all your Office programs have the ability to auto-run macros turned off.
Going deeper, you can also use threat protection software that stops any untrusted program from executing a script, or from causing a trusted program to execute one, without your permission.
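An added example (not from the original article) that audits the macro setting described above from the text of a `reg export` of the Office policy keys. It assumes Office 2016 or later (version key `16.0`) with the `VBAWarnings` setting applied as a per-user policy; the sample export is constructed.

```python
import re

# Meaning of each value of the Office "VBAWarnings" policy setting.
VBA_WARNINGS = {1: "enable all macros", 2: "disable with notification",
                3: "disable except digitally signed", 4: "disable without notification"}
APPS = ("Word", "Excel", "PowerPoint")
KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Office"
                    r"\\16\.0\\(\w+)\\Security\]$", re.I)
VAL_RE = re.compile(r'^"(\w+)"=dword:([0-9a-f]{8})$', re.I)

def parse_reg_export(text):
    """Return {app: {value_name: int}} from the text of a `reg export` file."""
    policies, current = {}, None
    for line in map(str.strip, text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            current = policies.setdefault(key.group(1).lower(), {})
        elif line.startswith("["):
            current = None  # a different registry key: ignore its values
        elif current is not None and (val := VAL_RE.match(line)):
            current[val.group(1).lower()] = int(val.group(2), 16)
    return policies

def audit_macros(text):
    """Report, per Office app, whether policy stops macros from auto-running."""
    policies, findings = parse_reg_export(text), {}
    for app in APPS:
        level = policies.get(app.lower(), {}).get("vbawarnings")
        if level is None:
            findings[app] = "NOT ENFORCED: no policy set, users can change it"
        elif level in (2, 3, 4):
            findings[app] = "OK: " + VBA_WARNINGS[level]
        else:
            findings[app] = f"FAIL: value {level} ({VBA_WARNINGS.get(level, 'unrecognised')})"
    return findings

# Constructed sample export. Real exports are UTF-16: decode them before parsing.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Word\Security]
"VBAWarnings"=dword:00000004

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security]
"VBAWarnings"=dword:00000001
'''

if __name__ == "__main__":
    for app, result in audit_macros(SAMPLE).items():
        print(f"{app}: {result}")
```

The input can be produced on a workstation with `reg export HKCU\Software\Policies\Microsoft\Office office.reg` and read in Python with `encoding="utf-16"`.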
Use Strong Password Security
Often, the weakest password in your office is all that’s keeping out a hacker trying to plant ransomware. Adopt good password practices, such as:
- Requiring the use of strong passwords
- Using multi-factor authentication
- Using a password management tool
Strengthen Your Defenses & Keep Your Technology Running Smoothly with Managed IT Services
Managed IT services with Unbound Digital offer multiple security protections, like patch management, hourly reporting, and managed antivirus and anti-malware, plus additional benefits that keep your technology running efficiently.
Learn more and sign up today by calling 423-335-2461 or contacting us online.