Ransomware: 5 Ways To Protect Your Company

Ransomware: 5 Ways To Protect Your Company

The United States saw an unprecedented amount of ransomware attacks in 2019. According to Emsisoft, impacted organizations included: 113 state and municipal governments and agencies; 764 healthcare providers; and 89 universities, colleges, and school districts. Ransomware attacks on just these organizations alone in 2019 had the potential cost in excess of $7.5 billion. These ransomware attacks didn’t just cost these organizations monetarily, but the disruption put people’s personal information, health, and safety at risk by having emergency patients rerouted to different hospitals, medical records were inaccessible or lost, surveillance systems went offline, schools could not access student’s medical records, and more.

Cybersecurity Ventures estimates that the global costs of ransomware will reach $21 billion worldwide by 2021.

According to Coveware, in the last quarter of 2019, the average ransomware demand amount increased to $84,116 – that’s a 104% increase over Q3.

Cybersecurity Ventures predicts that ransomware attacks will target businesses every 11 seconds in 2020.

According to Datto’s Global State of the Channel Ransomware Report, one in five ransomware attack victims were small and midsize businesses in 2019.

So how do you protect your company from ransomware?

1. Education – All Employees Are Responsible For Security

What is ransomware? Ransomware is a form of malware or a virus that prevents users from accessing their systems or data until a sum of money is paid.

What are the most common ransomware delivery methods? 

  • Email Attachments
  • Malicious URLs
  • Remote Desktop Protocol
  • Malvertising
  • Drive By Downloads
  • USB Drives

As you can see it’s incredibly easy to fall victim to a ransomware attack so it is critical that each and every one of your employees are fully aware of all security policies in order to protect your company’s data. Just one click on a corrupt link or a download of a malicious attachment could breach and cripple your company’s network. It’s every employee’s job to engage in safe online behavior in order to prevent a cyber attack.

Our recommendations for security include:

DO NOT OPEN ANY ATTACHMENTS.
Ransomware is normally distributed via emails that encourage the recipient to open malicious attachments, including common formats such as PDF, Word document, Excel Spreadsheet, and a ZIP file. Once the attachment is opened, the ransomware can be deployed immediately.
Keep in mind that hackers may conduct extensive research into your organization to create a very credible and legitimate looking email.
DO NOT OPEN ANY LINKS.
Hackers will also insert malicious links into emails and social media platforms to distribute ransomware. Wording will often evoke a sense of urgency or intrigue in order to trick the user to click the link, which will trigger the download of ransomware.
DO NOT CHECK YOUR PERSONAL EMAIL ON A WORK COMPUTER.
Personal email may not have sophisticated and advanced spam filtering, which would allow for malicious emails to bypass quarantine and land in a user’s inbox.
Remember this rule, never enter personal or company information in response to a pop-up page, an email, or any other form of communication that you did not initiate.
2. Have a Proactive Disaster Recovery Plan

Studies show that 58% of small businesses are not prepared for data loss, and 60% of small businesses who do experience data loss close within six months.

While ensuring that your data is consistently backed up is crucial, having a disaster recovery solution takes things a step further to minimize downtime and ensure that data recovery happens in a timely manner after a ransomware attack.

Your backup and disaster recovery solution should be tailored for the type of information your business is storing. Identify your most critical IT assets and your downtime tolerance, in order to create a solution that works best for your business. Once your backup and disaster recovery system is installed,  monitor it constantly to ensure that your data is backed up, confirmed, and secure.

3. Think Like a Hacker

Consider your busiest times or vendors that you frequently work with. Cyber criminals are thinking about this too in order to find a weak spot to exploit in your network.

Know that not all malicious emails have grammar errors and the common ‘Greetings Sir’ opening line. Hackers will send incredibly personal emails that may address you by name, use your professional title, mention a project that you’re working on, or a client that you work with frequently. They’ll also create fake sites that at first glance, look identical to trusted partners like micros0ft.com or americanexpressae.com.

According to government and private experts in an article from The NY Times, “The ransomware business is now proving so lucrative that the hackers are pouring some of their profits back into their own research and development, making their attacks more precise, and more wily.” Eli Sugarman, Director of the Hewlett Foundation’s cybersecurity program said in the same article, “We are seeing more ransomware attacks because they work.”

Hackers are smart and they are quickly adapting in order to find new ways to trick users. With their clever tactics and detailed technical knowledge, they will stop at nothing to penetrate your network.

4. Know Your Network

If a hacker was in your network right now, would you know? There are many security tools including intrusion prevention and detection systems that allows you to monitor all traffic on your network. These products will allow you to monitor your network in real time and find any traffic anomalies that may indicate if your system has been hacked.

While we’re on the subject of software, it is incredibly important to always run regular system updates in order to repair any bugs or abnormalities within your system. This applies not only to your computer, but your phone, tablet, etc. as well. If you neglect to update your system, those vulnerabilities are likely to be extorted by hackers. Hackers take advantage of these weaknesses by writing code specifically targeting the vulnerabilities in your system.

Software updates repair security holes and vulnerabilities, fixes or removes bugs, and can even add new features and remove outdated ones. Software updates will make your system more stable and often boost your system’s program performance as well.

This goes for your anti-virus, anti-spyware, and anti-malware software as well. Your system is regularly threatened by new viruses, spyware, and malware. These software updates contain the latest files needed to combat the newest threats that could potentially cripple your system.

5. Change All Passwords Regularly

Usernames and passwords represent the keys to the kingdom for malicious attackers. Criminals who know how to penetrate a company’s defenses can easily steal hundreds or even thousands of credentials at a time, each one representing another potential entry point to compromise your organization’s network and data.

Did you know that 76% of people will use the same passwords for most, if not all, websites?

And those default passwords that you’ve neglected to change – do so immediately! Did you know that the 2017 Equifax data breach was due to the company using ‘admin’ as the login and password to protect over 147 million customer’s sensitive information?

Hackers have sophisticated resources, including programs that can test millions of passwords. With these tricks and an endless amount of time, their chances of hitting the jackpot – your password – is very likely.

Make sure your passwords are complex and lengthy and never use the same password for multiple accounts. We highly recommend that you change them regularly as well. Instead of a password, use a key phrase incorporating special characters, numbers, and upper and lower case letters.

 

The Augusta IT Guys

4332 Wheeler Road #105, Augusta GA 30907

706.426.6313

Follow your Augusta IT Guys on FacebookTwitterInstagram, and Linkedin

Menu