Ransomware attacks have increased 148 percent in the last year. It’s more important than ever for businesses of all sizes to understand how to prevent ransomware attacks.
Ransomware may be a term you’ve heard in cybersecurity training or read in a news headline. Unless you’ve been personally or professionally impacted by ransomware, chances are you haven’t given it too much thought. Ransomware is a type of malware that infiltrates your network, files, or programs and restricts access until a monetary ransom is paid.
In April this year, the Colonial Pipeline was targeted by ransomware that cost the corporation $4.4 million to unlock. Computer manufacturer Acer recently suffered the most expensive ransomware attack in history, paying $50 million to cybercriminals in order to release their data. While many business owners think that ransomware criminals target only large corporations, in reality, all businesses that store data electronically are vulnerable to attack. The average ransom demand has increased from $5,000 in 2018 to $200,000 in 2020. Universities, hospitals, and financial institutions have been hit especially hard.
The ransom payment is not the only cost a business incurs after an attack. If your company’s data becomes encrypted and inaccessible, you lose days of productivity and will have to rebuild your security network. Companies often have to lay off portions of their workforce in order to recover financially from a ransomware attack.
As a result of the pandemic, more employees than ever are working from home. Employees using their home internet to connect to work increases network vulnerability. As a result, ransomware attacks have increased 148 percent in the last year. It’s more important than ever for businesses of all sizes to understand how to prevent ransomware attacks.
Here’s what you can do to prevent ransomware attacks on your business
1. Antivirus Protection Software - A standard security measure, antivirus protection software is already an integral part of your business’s computer network. Where most businesses fail, however, is in keeping their software up to date. Regular software updates are critical to protecting your business from the latest threats. Keep updated antivirus protection software on all company and employee devices, even the ones that are used at home.
2. Create Firewalls - Your business network isn’t secure without firewalls filtering traffic coming into and leaving your network. Firewalls provide a barrier between your company data and the rest of the internet. Firewalls can detect incoming malware and shut it down before it gains access to your data and applications.
3. Set Up Spam Filters - Phishing emails have become increasingly convincing. Instead of a Nigerian prince asking you to wire money, these emails now resemble official emails. It’s easy to overlook the telltale signs of an email scam, so you need to protect your business and employees with a strong spam filter. A spam filter will prevent phishing emails from ever reaching your employees’ inboxes. According to the Small Business Administration, technologies such as Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) can protect your business.
4. Educate Your Employees - At the end of the day, your employees are the weakest link in your cybersecurity web. Prioritize targeted training for employees at every level of your organization. Hackers will target employees through their logins, wireless networks, and emails. Make sure your employees are aware of the threat and understand how ransomware works. Provide a security framework that allows employees to report suspicious emails and identify secure and unsecured websites.
5. Require Multifactor Authentication - Most employees use the same username and password for multiple accounts. Passwords are rarely as strongly crafted as they should be, and many users only change their passwords when forced by the system. Multifactor authentication adds an extra layer of security should a password become compromised. When an employee attempts to log in to sensitive data, a secondary authentication code is required. This code is often sent to the user’s phone and is time-sensitive. By authenticating every employee, every time, you can help combat illegal access to your systems.
6. Enable Endpoint Security - Real-time monitoring of endpoint data leads to an immediate response and analysis of cyber threats. Endpoint security can detect, block, and contain attacks before they cause damage. With multiple employee devices accessing your secure networks, it’s important to extend endpoint security to all desktops, laptops, and mobile devices.
7. Tighten Up Access Controls - Utilize the principle of least privilege (PoLP) for every piece of data your employee’s access. From document editing privileges to secure database viewing, only give access to the employees that need it and only for the specific amount of time they need it. By limiting the number of employees that have access to important data and functions, you limit opportunities for hackers to insert their malware.
8. Restrict Social Media Access - Ransomware links that travel through social media often have the appearance of coming from a friend or co-worker. It can be hard for employees to identify a threat before it’s too late. The safest thing for your company to do is restrict social media access on work devices. If that doesn’t work for your business model, extensive employee education and comprehensive security measures will be necessary to cover the additional risk.
9. Regularly Backup Your Data - If a ransomware criminal’s power comes from control over your data, the best defense is an up-to-date backup of everything your company needs to operate. If it comes to it, having a complete backup means you can scrap your old hardware and start fresh. While preventive measures should be in place to prevent this costly situation, if you do have a security breach it is beneficial to have a second copy of your company’s data.
10. Develop a Cyber Attack Preparedness Plan - Your preparedness plan should include your preemptive security checkups and data backup schedule as well as an action plan should a cyberattack occur. It’s important to report any ransomware attack immediately. You may be able to stop the spread to other systems in your network or save other companies the same fate with swift reporting. Many companies are joining the No More Ransom project. If companies refuse to give in to cybercriminals, law enforcement agencies hope the attacks will eventually subside.
Whether you run a small business or are employed by a larger corporation, accessing data over the internet has inherent risks. Your personal identity, financial security, and company assets are not secure without many layers of cybersecurity. Cyberattack prevention can only be achieved when knowledgeable individuals practice safe internet habits.
While ransomware is the most prevalent form of malware, many other cyber scams target the elderly and other vulnerable populations. At Muncy Bank, the online security of our customers and community businesses is a top concern. If you’d like to learn more about how we keep our customer's personal and financial information safe from cyber threats, contact a knowledgeable associate or stop into one of our convenient locations in Muncy, Hughesville, Clarkstown, Montoursville, Dewart, Avis, Montgomery, and Linden.
Member FDIC