Attacks like Petya, WannaCry, and Bad Rabbit have been in recent news. Ransomware attacks are becoming increasingly common. These attacks can shut down government systems and major corporations once they infect a system. Malware attacks have been detected in countries as diverse as Turkey, South Korea, and Poland.
The basic ransomware attack is essentially a digital kidnapping. The infected system shows a ransom note. You are told that you can no longer access your program without a decryption key. To get this key, you have a set time limit to pay a ransom.
While it may operate like a standard kidnapping, detecting the intruders and catching them is far harder. These attacks can target major corporations and government systems, so small businesses are certainly at risk as well. To keep your system from falling victim to ransomware, you have to take steps to protect your company. Here’s how:
Start by Training Your Employees
One way to protect your company is through an awareness and training program. In general, the end user is the target. Your employees need to know what the threat is and how it will be delivered. In the training program, explain how hacked websites and drive-by downloads can spread ransomware.
In a simple version of this attack, the visitor is told that they need to install a Flash update. Instead of actually installing Flash, the computer downloads a program that injects JavaScript into the HTML code. As a rule, employees should never click on Flash updates. Instead, they should go immediately to Adobe to see if an update is actually needed.
A single employee can click on an infected email and open your business to cyber criminals. It only takes one phishing scam or malicious link to put your company at risk. If you do not have an in-house cybersecurity employee, you can always hire a consulting service to train your employees.
Back Up All of Your Data
Even with the best training, an employee may become careless. You might not be able to prevent every indiscretion, but you can make sure that your data is safe. To prevent your data from being lost, you need to have backup software in place. For added protection, use IoT software for all-around safety.
These types of services will generally back up data at multiple geographic locations, so your information is secure if there is a natural disaster. You should also look into off-site backups so that your information will not be held hostage by ransomware.
Make Sure Your Software is Updated
Petya and Bad Rabbit spread quickly because companies did not update their operating systems. If your company uses inventory software, AP audit software, or invoicing software, you want to be sure they are always up to date. When software programs and operating systems are out of date, it is easier for cyber criminals to access them.
To keep your system from being vulnerable, you have to make sure that your antivirus software and every other program are continually updated. Cyber criminals only need to find one computer on your network that has not been updated. Your best bet is to sign up for automatic updates for every program on your system.
Unfortunately, this technique will not stop every attack. Even the best antivirus companies only have a catch rate of 80 to 90 percent. This catch rate drops to almost zero for zero-day malware. Zero-day attacks exploit vulnerabilities that are not currently known. Since the vulnerability has not been discovered yet, the cyber criminals have the advantage. Zero-day attacks are especially common for outdated programs, so make sure to install all updates and patches as they are created.
Don’t Pay the Attackers
If you do become the victim of a ransomware attack, do not pay the attackers. This only encourages the hackers to try the attack on someone else. Even if you pay the attackers, there is no guarantee that you will actually get your data back. If you have backed up all of your information beforehand, you can restart your business operations without a problem.
Set Up Firewalls
A firewall can protect your computer from some cyber criminals. With the right firewall, your system will block access from a malicious IP address. This only works for known malicious IP addresses, but it will still prevent some cyber criminals from accessing your business information.
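The limit described above, shown as an added example that is not part of the original article: a Python sketch of a blocklist decision applied to inbound connection attempts. The blocklist entries and connection attempts are constructed (RFC 5737 documentation addresses), and the function names are hypothetical.

```python
import ipaddress

# Constructed blocklist: documentation ranges (RFC 5737) stand in for
# addresses a threat feed has already flagged as malicious.
BLOCKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.7/32")]

# Constructed inbound connection attempts: (source address, destination port).
CONNECTIONS = [
    ("203.0.113.45", 445),
    ("198.51.100.7", 3389),
    ("198.51.100.8", 3389),   # neighbour of a listed address, not itself listed
    ("192.0.2.10", 443),
    ("not-an-ip", 22),        # malformed log entry
]

def decide(source):
    """Return 'block' for a listed source, 'allow' otherwise, 'invalid' if unparsable."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return "invalid"
    return "block" if any(addr in net for net in BLOCKLIST) else "allow"

def evaluate(connections):
    """Apply the blocklist to every attempt and group the attempts by decision."""
    result = {"block": [], "allow": [], "invalid": []}
    for source, port in connections:
        result[decide(source)].append((source, port))
    return result

if __name__ == "__main__":
    for decision, entries in evaluate(CONNECTIONS).items():
        for source, port in entries:
            print(f"{decision:8} {source}:{port}")
```

Any source that is not on the list is allowed through, which is why a blocklist has to be paired with the other measures in this article.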
Use the Principle of Least Privilege
When setting up privileged accounts, your default choice should be the principle of least privilege. You should not give any employee administrative access unless it is absolutely necessary for them. Even if they need an administrator account, they should only use it when it is absolutely necessary.
In 2017, Kaspersky Lab Malware published a study on mobile ransomware attacks from the first quarter. According to the study, malware attacks were up by 250 percent. For businesses, this represents a huge cost. In 2017 alone, small businesses in the United States lost $75 million because of downtime associated with ransomware attacks.
By taking the right precautions, you can prevent your business from becoming a part of this statistic. It can be scary, but it is completely necessary to always be prepared for what could happen to your company and how you can come back from it.