Ransomware is an increasingly common and devastating cyberattack that can happen to any business. The ransomware attacks that get the most media attention are those on high profile companies, but ransomware attacks on small businesses are increasing too. Many smaller businesses do not have the resources to weather a ransomware attack and will be severely impacted or even put out of business. In this blog post, we cover 3 things you should consider to protect your business against ransomware:
- Prevention: Minimise the chance of ransomware infection.
- Mitigation: Minimise the impact of ransomware infection.
- Recovery: Maximise the speed of recovery from ransomware infection.
Prevention: Minimise the chance of ransomware infection.
One of the best ways to protect your business from ransomware is to minimise the chances of infection in the first place. There are a few simple things you can do:
- Keep your software up-to-date, including operating system patches and application updates. Many ransomware attacks exploit known vulnerabilities in software that have not been patched.
- Use a reputable antivirus solution and make sure it’s current. Scan your computer for malware and Potentially Unwanted Programs (PUPs) on a regular basis. These might be used to install ransomware without you knowing.
- Use a solution that can examine email and web traffic for dangerous or malicious content to guarantee it is removed before it reaches your network.
- Provide your employees with security awareness training. Ransomware is frequently distributed via tainted email attachments or links in phishing emails. Because ransomware may exploit flaws in your software that antivirus applications may not be able to detect, it’s critical that you teach users how to identify a potentially harmful email.
Mitigation: Minimise the impact of ransomware infection.
If you’re unlucky enough to get ransomware in your environment, there are a few things you can do to help reduce the chances of it crippling your business.
- Create regular backups of your data. If you are infected with ransomware, you can restore your data from the backup.
- Once again, keep your programs up to date, including operating system patches and software upgrades. Ransomware can spread via known exploits in programs that have not been updated.
- On your endpoints, remove standard user accounts’ administrative rights. If a user runs an unauthorized program with admin rights, he or she has full access. If no administrator permissions are available, the potential for harm is effectively limited.
- Continuously monitor for suspicious activity. If ransomware is detected early enough, it may not have had the chance to do too much damage.
- Some antivirus solutions have the option to include Endpoint Detection and Response (EDR) features. EDR allows you to respond quickly to an attack and find all computers in your environment that may be infected, and then isolate them to prevent damage.
Recovery: Maximise the speed of recovery from ransomware infection.
If you do get infected with ransomware and have mitigated the impact you are doing well, but there is one final thing you need to do; recover as quickly as possible.
When you get hit with ransomware you will likely be in a state of panic.
Having a ransomware response strategy in place allows you to concentrate on what you need to do following the measures agreed upon when you had a clear head. This plan should include who you will contact and what steps to take. You should include procedures for restoring all data from backups and identifying which files were encrypted by the ransomware so you can restore them. You should also include procedures for identifying ransomware infections across your environment and containing those computers to prevent the ransomware from spreading further.
A dedicated ransomware response plan for a small company may appear to be overkill, but going through this procedure will help you organize your thoughts and prepare with a clear head what you would need to do if something like that were to occur. It will also assist you in identifying areas where your current IT solutions and procedures could use improvement.
Ransomware is a real and growing threat to businesses of all sizes.
Prevention, detection and mitigation are the best ways to protect your business from ransomware. While no solution can guarantee 100% protection, these steps will help reduce your risk and help you recover quickly if ransomware does infect your systems.
Please contact us for more information on how.