Even businesses with protection from ransomware can still be vulnerable. In 2016, a Big Sur client was struck by the Zepto virus. Luckily they had our cloud backup service and were relatively unaffected. Our latest blog post has invaluable tips on how to educate your team to be safe from the crafty hackers.
From Wannacry to NotPetya and CryptoLocker, the rise of ransomware attacks has grown significantly over recent years, and is projected to continue growing at a rapid pace for years to come.
Since January 1, 2016 an estimated 4,000 ransomware attacks occurred each day in the United States (U.S. Small Business Administration). Unfortunately, businesses of every size are susceptible to a potential attack. However if you own or work at a small-to-medium sized business (SMBs), your company is considered to be high risk, since SMBs are frequent targets of ransomware hackers who seek vulnerable businesses that often lack the time and resources to adequately prepare or recover from a ransomware attack.
If fallen prey to a ransomware attack, a business will likely experience the most significant impact in one or more of the following three areas: downtime, data loss, and financial loss, especially if the ransom is paid in the form of a cryptocurrency, i.e. bitcoin. Unfortunately many SMBs across the United States have already experienced ransomware attacks, with an estimated loss of “$75 million in downtime due to ransomware attacks” in 2017 alone, including 48% percent of those businesses reporting critical data loss (Forbes).
If you own or work at a SMB, what does this rise in ransomware attacks mean for your business and how can you protect your company?
First, it’s important that you understand the basics of what ransomware is. To start, ransomware is a type of malware, which is short for malicious software, that “has allowed people who are not computer experts to become computer thieves” by sending innocuous emails with a link or file attachment that infects the user’s computer system and has the potential to spread system-wide. Once infected, the user receives a message from the hackers, seeking payment in order to regain system access (New York Times). Typically the ransom payment, which businesses can choose to pay or not pay, is requested in the form of a cryptocurrency like Bitcoin, the most well-known digital currency.
Second, it is advised that you take necessary steps to protect your business sooner than later, so that you can fight off lurking hackers that may be targeting your system. To help, we’ve included a few tips below to help prepare and protect your business from a ransomware attack.
Train & Build Awareness
When it comes to ransomware attacks, employees are the first line of defense. Not only are employees able to help protect against ransomware attacks, but they are the most prone to become victims if not trained properly—a potentially costly oversight that can have a significant impact on an entire business.
For example, if your employees are not aware or trained effectively, they may click on an unknown link or open an attachment from an unreliable source, which could infect the computer. What happens next? In many cases, “The program encrypts the computer, essentially locking the user out of files, folders, and drives on that computer. In some cases, the entire network the computer is connected to can become infected (New York Times).”
The good news is that businesses of every size can take preventable measures to prepare. Below are a few examples of how to accomplish this:
- Educate and train: From a formal training to periodic reminders, it’s important to keep the risk of cyber attacks top of mind among your employees. Use these opportunities to explain the basics of malware/ransomware, signs of a phishing attack, and tips on how to spot potentially dangerous emails.
- Limit users’ accessibility: While not foolproof, limiting full administrative access to only those users who absolutely require admin access, can add another roadblock against hackers. This is because some forms of ransomware attacks leverage an administrator’s credentials in order to infiltrate the system. Meaning that if you limit the number of full admin credentials, you also limit the number of entry points for certain strands of ransomware.
- Enable strong spam filters: Despite the training you may provide employees, there’s always a chance that a seemingly harmless email will appear in a user’s inbox with dangerous clickbait. Unfortunately, spam filters will not be able to filter all ransomware threats, but effective filters can “capture spam messages and quarantine them” and also scan for malicious code across “documents, executable files, and zip files before they are opened” (ITProPortal).
2. From Software Updates to Data Backup
When it comes protecting your computer, there are two critical steps to take in order to fight off a ransomware attack—software updates and data backup. Regardless if your company uses Apple, Windows, or another type of operating system—it’s important that everyone at the business is up to date with the latest operating system and follows a plan to continuously backup data. Below are a few reasons on why each of these components is so important:
- Software Updates: Outdated operating systems are the most vulnerable to attacks, because “hackers practice on older versions of operating systems, browsers, and software applications. It’s their testing ground. However, they are less prepared to attack the latest version since they haven’t had time to figure out how to compromise it” (Forbes). Based on that, your company should be diligent and ensure that all users are up to date across all systems.
- Data Backup: Despite your best efforts, no one is completely safe from a ransomware attack, but “you can protect yourself from data loss by backing it up. This way, you still have access to your data, even when your computer is on lock-down” (Business News Daily). The best way to ensure your data is properly and continuously backed-up is to add an extra layer of protection via a cloud backup service. The added bonus? Many cloud backup services, like Big Sur Technologies’s MyCloud, are backed up daily using advanced technology and are fully supported and managed behind the scenes, meaning that this step is not only helpful in the event of a cyberattack like ransomware, but can also protect a business’s system in the event of a natural or human-induced disaster.
3. Make Technology Work for You
From antivirus to anti-malware programs, there are a range of programs that businesses can use to warrant off potential ransomware attacks. To best protect your company from ransomware, it is recommended that you “make your malware defense system strong with a paid anti-malware program which provides you real-time protection against malware, along with a good paid antivirus software” (TechSupportall). Below are details on how both antivirus and anti-malware programs work, and why it is important to have a layered approach:
- Antivirus: The benefit of an anti-virus software program is that it can help prevent a cyberattack, like ransomware, from infecting your computer. How does an antivirus program work? Most often, these programs work by “maintaining a massive database of digital signatures of known viruses. The software scans your hard drive for these ‘fingerprints’ and if it finds a file that matches a known malware, it will attempt to quarantine and delete it” (Business Insider). Our go-to anti-virus program is Webroot, which offers features like, secure browsing, anti-phishing, and identity theft protection.
- Anti-Malware: While an antivirus program is a good start, our IT experts recommend combining your antivirus program with an anti-malware offering, to ensure you’re protected on all fronts. Malwarebytes is our recommended program because it uses multiple technologies to proactively protect your computer against known and unknown threats. Plus, this anti-malware program offers benefits including: protection against exploits and ransomware, blocks against malicious websites, and detects unprotected systems.
If you have additional questions or are interested in learning more about how to protect your business against a ransomware attack, contact our team today.