When should you start worrying about ransomware? Well, we recommend before that moment when the ransom demand pops up on your computer. Ransomware attacks can be expensive, time-consuming, frustrating, and we have found that stress eating during a cyber-attack can really pack on the pounds… the good news is that malware is preventable if you do the right things and take the time needed to implement them (for you and your organization!)
These five, relatively easy steps, can help dramatically decrease your vulnerability to attack.
1. Educate Employees About ransomware
As most ransomware infections begin as a phishing email or a visit to a sketchy website- making sure the humans who use the computers in your office have the skills and awareness of the risk around malware is a critical first step. Most people want to do the right thing, so showing how, reminding them of threats in a positive and encouraging way, and finding creative ways to share information and news about ransomware can go a long way. A structured training program can help you organize learning and measure progress.
Only 25% of small businesses today train employees on cyber awareness.
61% reported being attacked by ransomware in 2018.
We clearly have a long way to go in this area. (Also, we recommend puppets, but that’s for later.)
2. Deploy Cyber Defenses
Cyber security is a hotbed of research and development. There is more technology out there than any company could possibly afford, need, or use (shhh don’t tell the vendors we told you that they will get mad at us!!) In many cases, these miracle solutions don’t actually solve all of your problems (dang it, we did it again!)
There are basic cyber security defenses that are critical to maintaining a secure company.
For instance, if you don’t have a firewall protecting the company network and antivirus running on every computer, you’re not merely "leaving the door open..." You’re hanging a sign out saying “Easy Target Here!” as cybercriminals scan the web looking for low-hanging fruit. Get the bare basics in place, research the particular solutions that you need for your unique use case (email scanning, web application firewalls, etc.), and you’ll be much less vulnerable to ransomware.
3. Keep Systems Up-To-Date
Outdated systems are a hacker’s best friend. Many of the biggest cyber incidents in history have started with some companies failing to patch the latest vulnerability. Remember Wannacry? The patch for the vulnerability that it exploited was available in March 2017. The Wannacry outbreak happened in May… Oops.
Updates don’t just apply to your computer programs. Your antivirus is useless if you’re not keeping it up-to-date and running it frequently. The data that your AV downloads in updates are what it needs to identify the latest malware found in the wild.
The threats are moving faster than ever. If your AV “definitions” are even a week out of date, that’s a lot of time for organized crime and weaponized malware to get at your systems.
4. Use An Automated Back-Up System
Ransomware totally counts on the fact that, once you’re infected, your only choice would be to pay the ransom. In many cases, this may be correct if the value of the lost data exceeds the hackers’ asking price.
An automated backup system with offline storage is such a powerful tool for protecting against ransomware.
With regular backups, you may only lose an hour’s worth of data, which is probably a lot less than the hacker’s asking price. Magic.
5. Restrict Privileges on computers
The principle of least privilege is a common one in cyber security. This means that users or programs shouldn’t have any more privilege on a computer than what is necessary to do their jobs. In plain English: you shouldn’t be using an account with administrator privileges right now.
Ransomware often needs elevated privileges (Administrator/root) to do its job on your computer.
If you’re browsing the web on an account with these privileges, you’re just making life easier for the hackers. Create a user account with only the privileges that you need to do your job (browsing Facebook and writing Word documents don’t take many permissions) and use that unless a particular task requires Administrator level access.
Fighting Against Ransomware
Practicing good cyber hygiene can make all the difference.
Knowing your cyber do’s and dont’s and taking a few easy steps can mean the difference between a costly ransomware attack and a cyber non-event. If you need some more help on what to do next, or recommendations on partners we use that can help small and midsize underdogs everywhere get some simple, easy-to-understand advice, give us a shout. And if you would like to see how our puppets can help you keep your staff engaged enough to not click on spammy links, we’re all ears.