“Ransomware” is the term used when hackers make the data on your network inaccessible to you until you pay a large ransom. The tools used for ransomware are no different than those used for traditional hacking but, instead of stealing data, criminals want to steal your money.
This threat appeared on the scene around 2012 and has been growing ever since. In 2017 there was a significant increase in ransom malware, so it’s been predicted that ransomware will be the biggest security threat to business and individuals in 2018.
The best target for ransomware is a business that has vulnerabilities in its network. Just like traditional thieves, they go after the location that is the easiest to break into. The more secure you can make your network the less likely it is that your business will be attacked.
Data security experts typically advise that you follow these four important steps to reduce the risks of ransomware and avoid the need to pay a ransom:
- Employee Training: Ransomware often starts with an employee opening a single file that unleashes a virus that shuts down the entire system. But ransomware can be activated in a number of ways. These include infected downloads, phishing scams, or opening an email attachment containing malware. It’s important to train your employees never to download or open any email attachments unless they directly apply to their daily business responsibilities. It’s also important to stress to employees never to visit Websites other than those relating to business research or business activities. Sites such as pornographic sites are commonly used by ransomware criminals.
Sometimes individuals are hacked, then the hackers use the addresses gleaned from that person’s contact list to send out infected attachments or links. Employees should be trained to look out for strange emails that appear to be from people they know that may have been hacked. Any emails looking remotely suspicious should be immediately deleted even if they are from people known to the employee.
- Strong Security Systems: Since we covered this subject last in Insights, companies that provide security solutions for ransomware have developed even better ways to protect businesses from this costly and time-consuming threat. You should conduct research on what is now available for ransomware to see if you can close any gaps you may have in your network.
Effective ransomware security always includes:
- A strong firewall
- Anti-malware tools that update automatically
- Keeping your system current with patches and other updates
- Security software that stops users from clicking on infected Websites
- System Backups: Backing up your system is always the best way to protect your business. If your network becomes infected with ransomware, it needs to be wiped clean and restored from your backup. This lets you avoid having to pay a ransom in order to get your data back.
There are many cloud-based backup services available today. It’s important to evaluate the cost, the ease of data restoration and the security offered by these vendors before choosing the one that’s right for you. One trusted application in this sector is SecuriSync by Intermedia.
If you are conducting backups on premise, you should make sure you can recover an image of the data for months in the past and keep multiple copies. Any backups made between the time of infection and when the attack is detected will be encrypted, and thus unrecoverable.
During the wipe-and-restoration process, however, the data is still inaccessible. So this could interrupt or virtually shut down your business while the data is being restored. According to Gillware Data Recovery, downtime can cost businesses as much as $8,600 per hour. This is why it’s more cost-effective to avoid being hit by ransomware than to have to recover from it.
- Automatic Incremental Online Backups: Your businesses should keep at least one set of backups offsite. There are many companies offering offsite backups at very affordable rates, so this is easy to do. Offsite backups give you another restoration option that adds a valuable layer of protection to your business. Most online backup services let you set how many prior days or months of backups you want stored so you can easily restore from a network version that has not been encrypted by ransomware.
Your IDeACOM Network member company can help you evaluate your firewall and other network security systems to help you make sure you significantly reduce the threat that your business will be hit by ransomware in 2018 and beyond.