What is ransomware, and how bad is it, anyway?
Updated: May 5, 2022
In a recent article about protecting information, we introduced “threats” and explored what an effective Information Security Program aims to protect.
In this article, we’ll delve deeper into ransomware, which is an intentional, externally sourced threat to the availability of a business’s assets and information. Specifically, ransomware is a more sophisticated kind of cyberattack that encrypts victims’ data to render it useless until a ransom is paid, usually in a cryptocurrency like Bitcoin, for the decryption key necessary to regain access to the impacted data stores and recovery backups.
Ransomware attacks are committed by malicious criminals called “threat actors”. Occasionally the threat actors are working on behalf of a nation-state government, but most commonly, these attacks are perpetrated by opportunistic rings of cyber criminals. They leverage commercial “Ransomware as a Service” platforms to facilitate the attacks and operate on the profits of their ongoing ransomware campaigns. Both the prevalence and costs of ransomware attacks have steadily increased over the years, with some of the most notorious cyberattacks resulting from ransomware with global reach.
Organizations are right to think proactively about what impact ransomware would have on them and how best to manage this risk. But what does this mean for small businesses? What can small businesses do to mitigate their risk of a ransomware attack?
The Best Offense is a Strong Defense
Since phishing emails are the most common vector for these attacks, employee vigilance is key. Organizations should conduct regular and varied security awareness training sessions with their employees. Whether these trainings are held quarterly or annually, employees only stand to benefit from routine refreshers on how to spot phishing emails and the importance of reporting possible phishing emails and security breaches alike.
Other defenses that can reduce the risk of a phishing attack succeeding include enabling your email provider’s spam/phishing protection capabilities and using Multi-Factor Authentication (MFA) for all user accounts, along with strong unique passwords.
While phishing is a primary vector for ransomware, it is not the only way that attackers get into a small business’s network. Many small businesses choose to allow direct remote access to internal computer systems over the internet. Doing so makes remote management of those computers easier, but it exposes those systems to direct access from attackers.
When an attack does happen, it is important that an organization be able to recover and resume operations. Maintaining current offline data backups and regularly testing data recovery plans and procedures are critical to ensuring the capability to return to business as usual as quickly as possible. Data recovery efforts ensure that any loss of access to data, whether caused by ransomware or by a natural disaster such as an earthquake or a hurricane, creates as little disruption as possible to the continuity of your business operations.
Now that you know what ransomware is and we have briefly explored how to best protect your information against these kinds of attacks, you are one step closer to better securing your business and mitigating the potential impact of ransomware.