The Smaller Your Business, The Bigger Your Ransomware Threat In 2018
Did you know that ransomware attacks grew another 250% in 2017? This is in part because of ransomware’s ability to print money for hackers in ways that few other malware methods do. But while larger organizations dominate the headlines for suffering high-profile attacks, you can bet there are hundreds of thousands of small businesses that were attacked and never made the news.
Researchers only recently began to realize what a big problem ransomware is for small businesses. Attackers target SMBs because protection schemes are typically weaker. A July 2017 study by Osterman Research not only confirmed that malicious attackers were preying on small businesses but revealed a much more startling fact: 22 percent of those businesses hit by ransomware were crippled to the point they had to cease operations immediately. Another study found that 71% of attacks on organizations were successful.
So how can today’s small businesses protect themselves and avoid being the next victim of malware? Here are four need-to-know tips I recommend to my customers:
1. Employees Can’t Stop Ransomware
Most employees are focused on getting their jobs done, whether it’s serving a customer or meeting a coding deadline. When all it takes is one employee to make a bad click, it’s time to stop thinking that humans are a viable line of defense against ransomware.
2. Don’t Exempt Top Executives from Security Policies
We all know that top executives are top targets of phishing attacks. But what’s more concerning are the findings of my company’s survey of a thousand IT and business leaders last year, revealing that half of business decision makers and three quarters of CEOs admit to risky behavior, including using unauthorized applications on endpoint devices. They know it’s wrong, so the best security posture is to lock down their machines just the same as those of entry- or mid-level workers. No exceptions.
3. Make Ransomware Prevention Automatic, and Easy
Anti-malware software is a must for laptops and other endpoint devices your employees have. There are various types, but you should consider only those that require no user intervention, such as patches or manual updates, to ensure prevention or data backups. This is because, again, your employees are busy.
4. Don’t Pay the Ransom
The FBI says that one of the easiest ways to ensure you don’t have to pay the ransom is by having a data backup and recovery plan for all critical information. Perform and test regular backups to limit the impact of data or system loss and to expedite the recovery process. Note that network-connected backups can also be affected by ransomware; critical backups should be isolated from the network for optimum protection.
At the end of the day, having a backup and recovery plan is your best defense against ransomware. Even if a quarter of businesses take a day to get everything back, your goal should be no more than two hours. And to be sure you can hit this target, conduct regular recovery process reviews.