How to keep your business safe from the storm of Ransomware attacks
July 2021
Ransomware is a hot topic and a scary one, since it can affect anyone – including your small business. In fact, more than 43% of cyber attacks occur on small businesses. In the first of this two-part series, we’re recommending some simple tips on how to protect your business from ransomware attacks. In part two we take you through a few advanced techniques to keep your systems secure.
Any good sailor knows the way you prepare for a storm determines if you can sail again tomorrow. Ransomware is just as dangerous as a storm on the open sea and can destroy your business if you’re not prepared.
The top 5 ways to protect your business from a ransomware attack:
- Educate your employees
- Backups can save your business
- Run security patches
- Create a guest Wi-Fi network
- Limit user access
1. Educate your employees
All sailors should recognize a storm warning
All the sailors on the boat have a job. All jobs differ, but everyone has the responsibility to alert the captain of an impending storm.
Your staff should be able to recognize the warning signs of an attack. Employees should be educated about phishing links and malware attachments, including what they look and sound like. If an employee receives a strange-looking email from someone they know, they should pick up the phone and call the sender to verify that the sender was not hacked.
The Verizon 2021 Data Breach Investigations Report noted that 82% of data breaches involved a human element. Some examples of the human element include:
- Failing to recognize a phishing email and clicking on a link or attachment
- Engaging in conversation with someone spoofing the email of a trusted person and giving information to that person
- Using poor and commonly known passwords
- Re-using passwords or sharing passwords with others
- Falling for social engineering schemes, e.g. an email or call asking for company information, or a purported call from “Microsoft” needing access to their laptop to fix a vulnerability
- Misconfiguring software or using software which is no longer supported
- Clicking on bogus social media posts
- Failing to promptly install new updates and patches
- Failing to encrypt sensitive data when emailing or sharing it
Never share passwords via email. Instruct your employees that they should not open links that look strange. They should not install programs when they do not know what they are.
Local cybersecurity firm Sensei Enterprises recommends that cybersecurity awareness training be held twice a year to help keep employees on their guard.
These simple instructions seem like common sense, but everyone should be reminded of best practices, and if possible you should implement security awareness training for your team on a recurring basis. Educate your sailors!
2. Backups can save your business
Make sure your lifeboat is ready
Think of your system backups as your lifeboat. If you are compromised by ransomware, you will need someone to come to your rescue. The best rescue you can hope for is a lifeboat.
Backups are more than just your data or database. You should back up your code and system as well. For maximum safety, we recommend backing up your data daily. If you want to go a step further, you can store your backups off-site from your server.
According to the Sophos State of Ransomware for 2021 report, only 8% of entities get back ALL their data after paying the ransom. Creating frequent backups guarantees you’ll still have your data post-attack.
We recommend Acronis or IBackup as affordable options for implementing your own backup strategy.
3. Run your security patches
Everyone on board needs their own life jacket
Every technology system is made up of several pieces, including server operating systems, code versions, frameworks, browsers, databases, and more. Each piece has its own set of security updates. Usually each piece also has its own schedule for when updates become available – for example, Windows updates come out on the second Tuesday of each month.
Just like every person on board needs to have a life jacket, every piece of your technology system has a life jacket. It is important that you understand what needs to be updated in your system and monitor when those updates become available. Keep your system safe by running updates when they are available and staying informed of server patching best practices.
4. Create a guest Wi-Fi network
Fellow boaters are welcome to party next door, but not onboard
Maintain a separate guest Wi-Fi network for unknown devices. Anyone who wants to connect to your Wi-Fi should only be given access to the separate guest network, which keeps their devices from accessing your information.
Think of this as neighboring boaters who want to come aboard your boat. If you take on too many, your boat could capsize! Instead, allow them to pull their boat up next to yours and spread out to party!
5. Limit user access
There’s only one captain
No matter how many people are on your boat, there’s only one captain. If all the boaters try to steer, you won’t go anywhere. The same is true for your business.
Each company is different, but it’s important to remember that not everyone needs full access to every system feature. We recommend limiting access where possible with the following guides:
- Do not give employees Admin access to their work machine. This means they should not be able to change permissions on the computer.
- Be intentional about shared drives from the employee’s machine to another and to the server. If one user is compromised and has shared drives, the issue is more likely to spread.
- Limit personal use of employee computers. We know this is asking a lot; we have to remind ourselves of it too. Unfortunately, employees often inadvertently bring on malware through social media, personal email, etc.
Boaters should always check the weather before sailing and prepare for the worst. You can do the same for your business and protect against ransomware attacks by staying aware of the environment and preparing a proactive defense.
Simple steps add up to real results that can help keep your business safe and prepare you for a successful cast off!