As businesses continue to digitally transform, they increase their risk of cyberthreats. In fact, many organizations are being exploited by the technology they are using to simplify their workflows. From cloud software to e-commerce environments, risks are around every corner.
The moment a company begins storing its data on a server, its security is in danger. On average, it takes 86 days for an organization to detect an external intrusion on its network. During this time, the intruder is collecting vast amounts of critical information including passwords, usernames, and more.
A ransomware attack is a common form of cyberattack and is one of the most destructive types as it holds a person or organization’s data for ransom until a price is paid. If the demanded amount is not paid, the hacker will publish stolen data, which will likely result in negative consequences to a business such as lawsuits, fines, and reputational damage, for example. Even if the company has an unaffected backup copy of its data, it can take several days to weeks or more to fully recover.
While there is no immunity to a ransomware attack, organizations can minimize the risk associated with a ransomware attack. The following is a practical approach that a company can take to protect its data against cybercriminals.
1. Understand the risks
The first step in reducing the risk of a cyberattack, is to evaluate the risk to your servers and data through a risk assessment. Businesses of all sizes and types in every industry are at risk for a ransomware attack. The more technology and online tools that a business and its employees use, the more likely it is a hacker will use automated tools that identify weaknesses within a network and utilize and exploit for personal gain. Although it is believed that paying a ransom will help retrieve information, rather than deleting the data permanently, intruders are likely to hold onto the information with plans to request a new ransom several years down the road.
While many businesses feel they may be too small to be attacked, the tools hackers utilize do not differentiate between a small or large business. Hackers also are known to take advantage of the “We’re too small of a company to be attacked” mindset and use this vulnerability to attack. Now more than ever, ransomware attacks are making the headlines. This is because heavily sanctioned nation-states such as Iran or North Korea are in need of generating more cash and the easiest way to do so is to hold an organization’s data for ransom and request payment to be made in Bitcoin, as it is typically untraceable.
Another factor is the economy or a global pandemic. For example, COVID-19 has greatly increased the number of ransomware attacks businesses have experienced due to heightened COVID-19 sensitivity and awareness from employees. Hackers tend to use socio-economic matters, health concerns, pandemics, and more to ramp up their attacks.
2. Educate employees on the signs of cyberattacks
Ransomware attacks can often begin with a phishing email, urging employees to click on suspicious URLs that are embedded with malicious attachments or links. If employees mistakenly click the link in a phishing email, they should immediately shut off their device and notify their IT department.
Training and education are crucial for employees to help them understand when and how they are being targeted. This training should be frequent, instructing them on what to look for in an email and how to identify that it may be of risk. Sending test emails can also help to arm them and help them identify a dangerous email.
Additionally, cybercriminals may perform test runs to better identify weaknesses within the network prior to launching a full-scale attack. Through frequent employee-security awareness training, employees must understand what the signs are for these threats and be able to report them if any are spotted.
Hackers can utilize software programs to steal credentials and break into the network. Any signs of software-removal programs that were not previously installed on the computer by an IT professional can be a sign of a hacker attempting to remove security software to easily access the network.
Once a computer is infected by a ransomware attack, users will receive an error message, informing them that their files have been encrypted. This message is typically a warning, urging users to pay to retrieve their personal files including photos and other documents.
3. Arm your business
With a ransomware attack occurring [so often these days], it has never been more important for an organization to find a solution that helps protect its information from cyber intruders. This means that anyone and everyone are at risk for having their data held for ransom.
Businesses should invest in the latest generation of anti-malware software such as CrowdStrike, Carbon Black, and the latest versions of Symantec and McAfee to help protect their data. These software solutions offer protection against a computer virus. Companies should also consistently update their software on servers and user computers with the latest security patches. Firewall-software updates should also be made. Ensure current backups cannot be encrypted and introduce network and computer-based intrusion-prevention systems to ensure strong security against cyberattacks.
Finally, technology alone will not reduce the risk of a ransomware attack. Organizations must have updated policies and procedures such as incident-response plans, disaster-recovery plans, and data-breach plans in place to be prepared when an attack will occur. Various state laws such as the New York Shield Act and New York State Department of Financial Services Cybersecurity Regulation require that all companies in New York comply. Rehearsing for these instances enable employees and IT professionals to become as prepared as possible to avoid any phishing emails and identify immediate steps for when a ransomware attack occurs.
Protect yourself and your employees
Cyberthreats are unavoidable for businesses of all sizes. The interconnectedness of businesses through the use of the Internet presents a tremendous risk of a cyberattack. Understanding the risks and the signs of a ransomware attack, properly educating employees, and arming the network with software that is updated and preventive can help you ensure that you and your employees’ data is as safe as possible from a cyberthreat.
John Roman, Jr., is president of FoxPointe Solutions and the chief information officer at The Bonadio Group.