If you are a business owner, you should always be prepared to defend your website and other digital assets from ransomware attacks. Ransomware attacks increased 120% in 2020, and we continue to see a significant increase in the first part of 2021. In 2019, 62% of ransomware incidents targeted small to mid-sized businesses. Small businesses cannot afford to ignore ransomware threats.
Ransomware attacks typically involve the encryption of data followed by a demand for payment in exchange for restoration. They can be extremely costly and disruptive to the operational resiliency of an organization.
These guidelines can protect businesses against a variety of threats, including ransomware attacks.
Steps to Take to Protect Your Business
It is important to be aware of the impact of ransomware attacks against your organization. If your business relies on information systems to operate, then you are at risk! The guidelines below can help prepare your business for and possibly prevent such an attack:
- Avoid phishing scams - The majority of ransomware attacks start with phishing emails. This means that employees are the first line of defense against ransomware attacks. Make sure that employees are aware of the risks of phishing attacks and know how to detect and prevent them. Also, use email software that detects phishing emails and prevents their delivery. Google Workspace and Microsoft 365 have these features built in by default.
- Safely store and transmit passwords - Use a password manager like KeePass or 1Password. Avoid storing passwords and sensitive information in documents, spreadsheets, text files, CRMs and more. Make sure to use a secure method to transmit passwords and other sensitive information, like madpush.net.
- Confirm who you’re speaking with before giving out sensitive information - Social engineering is an attempt by people who are not authorized to access sensitive information to obtain it. If you are not 100% certain that the person you are speaking to is who they claim to be, then use two additional pieces of non-public information to confirm their identity. This could be a customer PIN code, customer website, or other private information.
- Make sure all systems, websites and applications are kept up to date - Vulnerabilities in websites and other systems give attackers a way in that could not only be operationally disruptive but also embarrassing. Be sure to keep any websites and applications you use up to date to prevent such attacks.
- Make sure your computer is running the latest operating system and virus scanning software - In the event that a virus is downloaded to your computer, antivirus software can prevent a catastrophic ransomware attack. Furthermore, make sure all software on your computer is kept up to date to prevent the exploitation of security vulnerabilities.
- Make sure all employee hard drives are encrypted - Your computer contains a variety of sensitive information including websites you visit, sensitive documents, and passwords. You should use disk-level data encryption on your computer to protect that data in the event that the physical machine is lost or stolen. This can be done on Mac, PC, and Linux.
- Ensure that there are complete backups of your data, stored at an offsite location - There are many reasons to back up your data. Equipment failure can happen at any time, and even cloud providers can be compromised. Keeping your data in multiple locations is the best way to ensure operational resiliency. Backups should also be tested so that you can be sure that they’re properly working and can be easily restored. One important note: if you keep your data in cloud storage (like Dropbox, OneDrive, or Google Drive), you’ll still want to back up that data at an additional location to ensure resiliency against ransomware attacks.
- Use multi-factor authentication (MFA) wherever you can - Sometimes referred to as two-factor authentication (2FA), this mechanism adds an additional layer of protection should your username and password become compromised. You’ve seen this type of access control implemented on your online banking platforms. MFA is extremely effective at preventing unauthorized access, and using it protects your business against a variety of threats.
There’s always more you can do to bolster the cybersecurity posture of your business, but these guidelines are a good place to start to protect yourself from ransomware attacks. The United States Cybersecurity & Infrastructure Security Agency recently launched the website stopransomware.gov, where more information and resources can be found.