Don’t Become a Hacker Hostage - How to Protect Your Business from Ransomware
Recently, TV shows like Mr Robot have made hacking seem cool. The thought of taking down “big business” may be a romantic notion on film but in reality it instills fear, costs jobs, and potentially, even lives. The Washington Post has noted that cyberattacks are hitting the medical industry hard, which indeed can put lives at risk. The notion is further conveyed in this recent article from the Globe and Mail. It touches on the attack on the healthcare industry, as well as attacks on any other form of business with a lot to lose. Not so romantic now, is it?
Why are hackers targeting organizations where repercussions of a hack are so damaging? Because they know that those businesses will pay practically anything to get their systems back online. Captured in this PBS News segment, Hollywood Presbyterian Hospital did just that, paying $17,000 at the beginning of 2016 to have their computers unlocked. Enter ransomware.
MAKE IT detailed ransomware in our recent article on the top five cyber security risks of 2016. Ransomware, by definition, is a form of malware that either encrypts or severely restricts access to an infected computer and can potentially even provide the culprit with sensitive corporate information, including (but not limited to) photos, email conversations, contracts, classified documents and files. If a hacker locked down your business-critical systems and you were facing the prospect of an extended service outage, permanent data loss and the resulting public brand damage, you’d probably pay up too.
While the threat is very real, you can take steps to prevent your business from being held hostage by the new wave of corporate sabotage.
5 Ways to Keep Your Business Safe from Ransomware Attacks
1. Comprehensive Ransomware / Cybersecurity Training for Your Staff
This proactive tactic, which we detailed in our recent article on cybersecurity for law firms, bears repeating. Consider your entire staff as gatekeepers as they are the key to halting ransomware attacks. Every email that is opened and every unfamiliar link that is clicked is a potential threat. Even a notification of a perceived Pokemon Go App update can be dangerous. Your employees need to know what to look out for.
Everyone in your corporate hierarchy must be educated in cyber security and understand how it relates to their daily activities. Simple steps, such as getting them to hover over emailed links (to view the destination) before clicking on them, can block a threat. Take account of remote workers and contractors. Your newly instituted internal security policies must apply to them too. Getting staff on board will be easy enough, especially when you communicate that a ransomware attack can result in a loss of jobs and potentially shut down the business altogether.
2. Ensure All of Your Software is Up to Date
When you depend on Software as a Service (SaaS), you want to make sure that the software is up to date with respect to security. This means being able to trust that your SaaS provider is on top of the latest ransomware threats. It’s also a good idea to make sure that your software dependencies are centralized. If not, all it takes is one lagging plugin to open your business up to ransomware. Consider migrating your email, working files, shared documents, presentation tools, and storage to Microsoft 365 for Business, which has built-in security and continuous compliance with numerous independent third-party audits in place.
3. Back it Up
Backing up files to an offsite data centre or to the cloud is essential to hedging against the risk of ransomware. Your data can’t be held hostage if you have a continuously updated duplicate version within quick reach. It may not be the end-all solution to protect against the threat of sensitive data falling into the hands of others, but it’s a start. The cloud is especially effective for those simply concerned with losing data as opposed to it being leaked. For cloud storage to be effective, it must be managed by a reputable provider that ensures automatic security updates and patches holes when a system is no longer supported.
4. Disable Remote Support Applications
The newly infamous Surprise ransomware attack uses remote collaboration to spread. File-encrypting malware creators are using Windows native remote access features together with third-party software to insert malicious code onto computers. To guard against this more recent and widely spreading form of ransomware, disable remote support applications such as TeamViewer on corporate computers when they are not in use. In addition, consider using multi-factor authentication and restricting the range of allowed IDs through your system’s white-listing feature.
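One way to apply the "disable when not in use" advice on Windows hosts, as an added example that is not from the original article: the script reports matching remote-support services and the Remote Desktop setting, and stops and disables the services only when run with `-Disable`. The `TeamViewer*` name pattern and the parameter names are assumptions; adjust them to the tools actually deployed.

```powershell
# Added example: audit, and optionally disable, remote-support services on a Windows host.
# Run from an elevated PowerShell session. Without -Disable the script only reports.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumed service name patterns; extend with the remote-support tools you use.
    [string[]]$NamePatterns = @('TeamViewer*'),
    [switch]$Disable
)

# Collect services whose service name or display name matches any pattern.
$services = Get-Service | Where-Object {
    $svc = $_
    $NamePatterns | Where-Object { $svc.Name -like $_ -or $svc.DisplayName -like $_ }
}

$report = foreach ($svc in $services) {
    if ($Disable -and $PSCmdlet.ShouldProcess($svc.Name, 'Stop and disable service')) {
        if ($svc.Status -ne 'Stopped') {
            Stop-Service -Name $svc.Name -Force
        }
        # Disabled start-up type keeps the service from returning after a reboot.
        Set-Service -Name $svc.Name -StartupType Disabled
    }
    # Re-read the service so the report reflects the state after any change.
    $current = Get-Service -Name $svc.Name
    [pscustomobject]@{
        Name        = $current.Name
        DisplayName = $current.DisplayName
        Status      = $current.Status
        StartType   = $current.StartType
    }
}

if ($report) {
    $report | Format-Table -AutoSize
} else {
    Write-Output 'No matching remote-support services found.'
}

# Windows native remote access: report whether Remote Desktop connections are allowed.
# fDenyTSConnections = 0 means RDP is enabled, 1 means it is denied.
$tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny  = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
Write-Output ("Remote Desktop connections allowed: {0}" -f ($deny -eq 0))
```

Running it with `-Disable -WhatIf` lists what would be stopped and disabled without changing anything.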
5. Have an IT Consulting Firm Perform a Ransomware/Security Audit
There is no better way to gauge your current susceptibility to ransomware attacks than to secure the services of a reputable IT consulting firm versed in this exact form of cybersecurity. In addition to performing a complete audit, they can implement security measures, conduct training sessions and seminars for your staff (as per item #1 above), and be kept on a retainer to ensure that your business remains free from ransomware today and well into the future.
Hackers adapt to new security measures by the day, so you need an IT firm that stays ahead of them. Contact MAKE IT as soon as possible to prevent your business from being taken hostage.