Ransomware - Are you Doing Everything to Protect your Company?
Ransomware is nothing new - it has been an issue for years, but it has recently been back in the news again with high profile cases like the Georgia Court system and multiple cities in Florida.
You may think that small businesses are not the target of ransomware attacks, but malicious actors know that small businesses may have less invested in their security systems, which makes them a better target than larger companies.
So what can a small business owner do to protect their business against ransomware?
It is essential to understand that protection needs to be beyond antivirus (you do have antivirus, right?). Here are the four most important steps any business can take to protect against a ransomware threat:
Backups:
There is nothing that will offer more protection from ransomware than a good, air-gapped, backup. A good backup will allow a business to restore encrypted files in an unencrypted format after the infection computer has been remediated. Businesses also need to the right types of backups and a robust backup process. A good backup should be snapshot based, stored in multiple locations, and offer the ability to roll a system back in time to a previous recovery point. If the backup files are accessible to an infected system, they could also become encrypted, making them useless for file restoration. The backup log files should be carefully monitored for any unusual activity or substantial changes in files which could indicate the start of a ransomware attack and ideally set up with alerts that automatically report these issues. Backups should always have multiple off-site copies.
Files that are stored in Sharepoint, OneDrive, or Google Drive should also be backed up. While there is some protection with these files being saved in the cloud, any syncs that are set up between your computer and these cloud services could cause any ransomware on your computer to encrypt your cloud files.
User Training:
Your employees are your first line of defense against ransomware. The end users at your company should be trained in email hygiene. Never click links in suspicious emails or download unknown attachments. Never run macros from unknown sources. Establish a training program for your employees to prevent future issues.
Equally as important, users should never save essential files directly to their computers. Files should be saved to backed up servers or cloud services. Not only will this help in the case of ransomware, but it could save hours of work re-doing files in the event of a hard drive failure.
If saving files to servers or cloud services is not possible, businesses should consider backing up individual computers using the same recommendations for servers. The cost is minimal compared to ransomware recovery.
Software:
All computers should have a quality antivirus product that is up-to-date and set to run scans on a regular basis. All software, including the operating system, should be updated with security patches. It can be annoying when your computer wants to do an update, but those updates help to keep your system secure. The Petya ransomware attack specifically targeted systems that were not kept up to date. By the way, you aren’t protected from ransomware if you use a non-Windows based operating system.
Prevention:
Steps should be taken to prevent ransomware from getting into your system in the first place. These steps can include email filtering, proper user access controls, segregated networks, firewall rules, and antivirus software. User access should be regularly audited to make sure that people only have access to files that they need and that there are no unneeded user accounts on the system. Anyone working on public wi-fi access should use VPN (virtual private network) software to prevent data leaks over public networks.
All of this sounds scary, and it should! Businesses have had to close due to damages from having vital files encrypted and recovering from a ransomware attack is expensive.
Are you 100% confident in your ransomware protection?
Are you in the New Orleans area? AC3 would love to talk to you about your security! We can do an assessment of your IT systems, provide end-user training, and offer our recommendations for proper data security. Talk to an information technology specialist or email us at support@ac3it.com with any questions!