If you’re running a business, you probably know how valuable information is. Unfortunately, so do cybercriminals: hackers can sell stolen information on hidden parts of the internet called the dark net for massive profit and with impunity. In this article, we’ll be talking about one particular kind of attack, called ransomware.
While breaches made with the intent to sell data may threaten your privacy, a type of attack called ransomware poses a danger to daily operations. Ransomware encrypts all of your data and then demands a ransom restore it, leaving your business dead in the water while you scramble t get the money together.
Ransomware has proven devastating: one notorious example is the WannaCry attack, which affected more than 200,000 systems across 150 countries, encrypting data and requiring a payment in bitcoin to undo the damage.
What’s more terrifying is that WannaCry, despite the widespread damage it caused, was actually made by inexperienced hackers who made numerous mistakes. It didn’t take a group of masterminds to inflict as much as $4 billion in losses. Many who did pay the ransom never received decryption keys because the hackers failed to identify who complied, meaning victims lost money and their data.
With losses attributed to ransomware predicted to surpass $11.5 billion per year by 2019, keeping your business’ data secure should be a top priority.
While it may clear that you need to take action to keep your business safe from ransomware, you might be less certain about what actions to take. Here we’ve assembled some specifics that will help you ensure the security of company and keep your data safe in the case of an attack.
Keep Software up to Date
Keeping software up to date is one of the most basic and effective ways to keep your data secure. While hackers are constantly trying to find security holes in software, the companies that develop it are constantly making patches to keep ahead of these cybercriminals.
This means that a massive amount of malware on the internet is only effective against out of date computers. In the case of WannaCry, a substantial number of computers could have been safe had they been updated.
With the discovery of Meltdown and Spectre, all devices running Intel processors — and many running ARM and AMD processors — from the past 20 years are at risk of attack. Fortunately, if you keep your machines up to date, there are workarounds to keep your systems safe.
In the case of last year’s Equifax data breach, the personal information of 143 million American consumers would still be secure had the company implemented a software patch that was available months before the attack took place.
As such a massive number of security breaches are caused by out-of-date software, it’s clear that a simple first line of defense is to just keep your computers up to date. Another tactic is to install protection software like this free product from Acronis which should help prevent attacks.
If your data is ever compromised though, it’s absolutely essential to have it backed up with one of our best online backup services. While a local backup is better than no backup at all, they are still susceptible to attacks.
Ransomware may be able to encrypt local backups as they will be on the same network. Cloud backups are off site and won’t go down just because your company’s computers do. That said, there are some things to keep in mind when choosing one.
If your business is attacked, the encrypted data is useless. This is where a key difference between backup and storage comes into play. Backups will offer versioning so you can restore your data in its previous, unencrypted form. For extra control, choose a backup plan such as CrashPlan that offers customizable versioning which keeps backups for over a year (read our CrashPlan review for more on this).
You should also consider ease of use. If you’re running a business, you probably want to focus and actually doing business. The more “set-it-and-forget-it” your backup service is, the less time you can spend worrying about your data and the more time you can spend on the actual work. As you can read in our Backblaze review, that service is among our top rated services when it comes to user friendliness.
Keep Things Secure
Ideally you’ll keep your data protected with more than one system. A firewall is an essential first step, but you should also be using an antivirus and a web filter to keep employees away from malicious websites. To further protect your system’s security, be sure change default usernames and passwords, and disable WPS for WiFi. For more information, check out our online privacy guide.
While a backup will allow you to keep your data safe in the case of a ransomware attack, restoring your computers takes time and time is expensive. The ideal scenario is one where your data is backed up, but you don’t need that backup because your computers are secure in the first place.
In most cases, ransomware can’t even be installed if your company’s computers have their permissions set properly. It’s likely that not every employee needs to be able to install software and most employees certainly don’t need administrative access to your entire network.
It’s worth taking the time to configure computers with all of the tools that your employees might need to do their job. Even with installation permissions disabled, if they really need a tool that isn’t already set up, they can talk to you or your network administrator to ensure that no one downloads something that may a threat.
A simple mistake from an employee with greater than necessary network access can have serious consequences for your company’s security. Keeping a tight rein on permissions will prevent any mishaps.
Ransomware is a huge threat to any business, having the power to bring operations to a halt and render your data unusable. Ultimately, guarding your business comes down to being proactive about security and redundancy.
With proper measures in place, including up to date software and a backup solution, you can keep your business safe from these threats and keep working with peace of mind. If you’re ever unsure, consider contacting a security professional for consultation.
If you have any thoughts on preventing ransomware attacks, we’d love to hear from you in the comments below. Thank you for reading.