Geek’s Blog

How to protect your business from ransomware attacks


In recent weeks, some local businesses have been pressured to shell out thousands or risk losing important data as a result of ransomware attacks. Ransomware attacks involve installing malicious software (malware) on a computer or device, which usually encrypts files and makes them unusable. Once ransomware has found its way onto your devices or systems, there is little that can be done to recover your data. You won't be able to decrypt files and get your business back up and running. Taking preventative measures will help you minimise the impact of a ransomware attack. These steps will ensure you mitigate the costs and disruption to your business effectively.

1.      Make regular backups of your important files.

This statement is true for your personal data and devices too. Make regular backups of all data and essential files needed for business operations. If you were to lose access to all of your recent client files today, would you be able to keep operating?

  • Check that you or a member of your team know how to restore files from the backup, and regularly test that it is working as expected.
  • Ensure you create offline backups that are kept separate, in a different location (ideally off-site), from your network and systems.
  • Make sure that the devices containing your backup (such as external hard drives and USB sticks) are not permanently connected to your network or plugged into your device. Attackers can target connected backup devices and solutions to make recovery more difficult.
  • You should ensure that your cloud service protects previous versions of the backup from being immediately deleted and allows you to restore to them.

Backup accounts and solutions should be protected using 2-factor or Multi-Factor Authentication (MFA), and the MFA method should not be installed on the same device that is used for the administration of backups.

2.      Staff training to prevent malware infections

Make sure you and your team are familiar with identifying potential malware and are aware of the common ways ransomware infects systems. It’s also a good idea to set some guidelines for best practice to help keep everyone’s devices and data safe. Ransomware can find its way onto systems in different ways, some common ones include:

  • Social Engineering: This could include phishing emails, persuasive phone calls or even social media messages. So, training staff on how to identify these is important.
  • Outdated Systems: Outdated devices, or software containing unpatched, publicly known exploitable vulnerabilities, are easy targets. Ensure your team is using up-to-date devices and software.
  • Malicious links/websites: Just like any malware, ransomware can often find its way onto systems from malicious sites. Ensure your team isn’t using their work devices for personal use and knows how to identify and avoid malicious sites.
  • Infected physical drives: This method is less common today, but something to be aware of. If an unsuspecting user plugs an infected drive into your computer, it may execute malware and begin the encryption process, bypassing network security. Make sure you have guidelines around plugging drives into devices.
  • Device usage: Training around using work devices safely is important. Ensure business devices are kept for that purpose and not used for personal use.

3.      Review your current network security

Many businesses, especially smaller ones, treat cybersecurity as an annoying hassle. Something they will eventually get around to, but don’t always prioritise. Now is the perfect time to review your current security protocols and implement any changes needed.

  • Install antivirus & browser protection: At a minimum, make sure you have antivirus and browser protection running on all devices connected to your network or those with access to your backups and important files. Even with the above training, users can still make errors and find themselves on malicious sites.
  • Update devices and software: By updating your system, you can mitigate risks associated with unpatched vulnerabilities. In simple terms, older software has security risks that newer versions have already fixed. If you don’t upgrade to the newer versions, these known risks are easy for scammers to exploit.
  • Use MFA & strong password policies: Multifactor authentication is an important tool for keeping your backup files secure. It can also be used to authenticate users so that if malware steals credentials, they can’t easily be reused. It’s also important to ensure all users are using strong, unique passwords that have no personal information and are not used for other personal logins. Read our guidelines for creating strong passwords here.
  • Review and remove invalid permissions: This is an easy step to forget, but it’s important to remove permissions after team members move on. Review this regularly. Every additional set of valid user credentials is another (potentially vulnerable) entry point to your system.
  • Segment networks & layered defence: Although not always possible for smaller businesses, it’s a good idea to limit the access a malicious actor has if they gain access to one part of your network.

4.      Have a plan

Failing to plan is planning to fail. That adage applies to cybersecurity as well. In the modern digital landscape, risks and threats are inevitable. It’s important you have a plan and procedure in place for what to do if the worst should happen. Response plans can start simple and become as complex as your business or organisation requires. The basics include things like:

  • Establish critical data and assets: Understand the impact a malware attack may have on your most important devices.
  • Decide who needs to know what: A quick response is vital to limiting the fallout of a ransomware attack, so it’s important to establish who needs to be contacted at the first sign of an attack.
  • Discuss how you will respond: It’s important you’ve thought about how you will respond to the ransom demand and what your first steps will be to protect your systems.

Should I pay the ransom?

The New Zealand Government strongly discourages the payment of ransoms to cybercriminals, according to its guidance on cyber ransom payments. The government guidelines go on to outline the implications of paying a ransom, which include:

  • No guarantee of the end of an incident, or the removal of malicious software. It does not guarantee that you will get your data back.
  • Creating a financial incentive for criminals to continue or expand their activities, including potentially targeting you again.

If you haven’t put a plan in place for how to manage ransomware risks and respond to attacks, then now’s the best time to get started! Reach out to the friendly Geeks on Wheels team for some friendly support and advice on 0800 424 335.

