There is an ever-increasing chance that your company will fall victim to some form of a cyberattack over the next 12 months. Cybercrime is costing the UK alone billions of pounds each year (source), and this dismal statistic applies to large and small businesses alike. One of the most prevalent forms of cybercrime is the ransomware attack. As a business owner, you must understand how best to protect against ransomware to ensure you can recover unscathed.
What Is Ransomware?
Ransomware is a type of cyber attack that compromises a users device such as a laptop, desktop or mobile, usually via malware. The attack encrypts the users’ data so that they can no longer access it. Such ransomware will typically spread to other computers on your network, replicating the damage on each device, including servers and data backup storage systems.
At some point, you will be asked to contact your attacker by email or through a dedicated web page to make a ransom payment in return for your data being unencrypted. Often, the demand payment is a cryptocurrency such as Bitcoin as its untraceable. You may elect to pay the ransom, though that’s not a guarantee that you’ll recover your files. Too many times, the victims’ files are never fully recovered.
Should You Pay the Ransom?
The answer to this question is not a clear-cut yes or no. On the one hand, no law enforcement agency endorses or condones paying ransom demands. The rationale is simple, paying the ransom supports the criminal activity. Furthermore, you are, after all, dealing with criminals. So, you’re not likely to recover your data or even regain access to the infected machine(s). Your computer remains infected, and you are now a marked target for future attacks.
On the other hand, some companies have been put in a situation where they can’t afford NOT to pay the ransom. In these cases, the cost of lost data outweighed the cost of the ransom. To avoid placing your organisation in this position, take precautions to safeguard against ransomware attacks.
This BBC article covers the most recent ransomware attack on Colonial Pipeline, which ended up paying a $5m ransom to the hacker group named Darkside.
9 Methods to Protect Against Ransomware
Many times, prevention is better than cure, especially if the cure is a ransom demand that will cripple your business financially. Below are nine ways that you can fortify your security to protect against ransomware attacks and increase your chances of recovery.
1. Backups, Backups, Backups
It is essential to have a firm backup strategy in place as part of a solid disaster recovery and business continuity plan. Should ransomware make it past your security, having backups can increase your organisation’s chances of recovery. Your IT teams should be maintaining a regular schedule of daily and monthly backups, then storing them in more than one location.
A long-standing rule for backup is to keep three copies of your data on different media, with one copy being offsite. Cloud services offer one cost-effective source for data. They allow you to store your data in an alternate location. Should ransomware take hold of your primary network, you’ll have current data stored in the cloud, ready to restore your systems once the ransomware is cleared.
Ransomware can also infiltrate cloud backup solutions. For this reason, offsite backups are strongly recommended. Such backups involve keeping copies of backup data in an alternate physical location on media such as SSD drives. This measure can be a critical piece of your disaster recovery plan should ransomware infiltrate both your cloud storage and local network.
At Securus Communications, we offer a secure cloud backup solution that uses immutable data locks and airgap technology. This form of storage ensures that at least one copy of your data is effectively locked and offline at all times, thus safe from attack as the ransomware can’t find its way there. Please get in touch if you are interested in using immutable data locks and airgap backup technology.
2. Email Filtering and Alerting
Most often, ransomware enters a network through a phishing link or attachment sent via email. An employee clicks a link and opens the door for ransomware to enter. One way to combat this is with email filtering, which almost all email providers have built into their platform. When you use email filtering, software analyses all incoming emails and flags potential spam and phishing content. The software then moves those emails to a designated folder.
You may find that the malware filters your current email solution has in place aren’t keeping up with the latest malware evolution. We can help you quickly roll out enhanced email monitoring services for added protection. Such filters provide an extra layer to your email security. We also include real-time alerting that lets your IT admins know when a suspicious email has been flagged and quarantined.
3. Antivirus Software with Ransomware Protection
Most antivirus software has protection against ransomware built-in. Ransomware is, after all, a form of malware. All major antivirus software utilities include protection against ransomware, especially now that ransomware is a rising form of malicious criminal activity.
Thus, the most effective way to guard against a ransomware attack is to ensure that your antivirus software is up to date across your network, down to the individual user device. Remember, this includes devices with limited security protection, such as Bring Your Own Device (BYOD) and Internet of Things (IoT) machines like sensors and smart devices.
Antivirus software should be installed on more than just servers and laptops. Tablets and mobile devices, especially mobile phones, all need protection.
4. Employee Security Education and Awareness
Cybersecurity training for your employees is a crucial element in your security plan. Ransomware and other cyberattacks are possible because users inadvertently click malicious links or unknowingly give away access credentials through phishing and other forms of social engineering attacks.
Your employees should receive training on handling sensitive or proprietary data, so there’s even less potential for accidental leaks. We can help you to train your staff about the common cyber threats they will most likely encounter. By doing so, you’ll be able to mitigate successful attacks. Employees should also be trained on how to spot, react to, and report suspected attacks that may arrive through email, text message, or pop up in their browsers.
5. Reconsider Your BYOD Policy
With the recent expansion of the remote workforce, more employees work from home or other locations outside of established offices. Some are using their own laptops and mobile devices to work and access the company network.
There is risk involved in using BYOD (Bring Your Own Device) because those devices may not have proper antivirus or other security software installed. Furthermore, some mobile devices were never designed with security in mind. Beyond the device itself, the access network may not be secure, especially in the case of staff working during travel and accessing free public WiFi services. Public WiFi and Bluetooth hacking are on the rise.
To counter this, your company can restrict network access to company-issued devices only and require employees to access the network through a Virtual Private Network (VPN). IT can manage antivirus software updates on these corporate devices and apply update patches to ensure they remain up to date.
Another BYOD that is often overlooked is the portable memory stick or USB drive. Those can carry ransomware and spread it to other devices. Many IT departments disable the use of memory sticks and other portable storage devices on company-issued laptops and workstations to counter this.
6. Firewall Protection and Security General Design
Your business network is complex and likely contains a combination of Local Area Network (LAN), wireless networks, cloud services, branch offices, and remote employees who access the internet through various gateways. Therefore, your security design must be able to address all access points as well as the devices used for that access.
One recommended security model is Secure Access Service Edge (SASE), which combines network security services into one cloud-based platform. SASE employs several technologies, including a VPN and Software as a Service (SaaS) for internet access.
For security, SASE uses Zero Trust Network Access (ZTNA), which restricts unauthorised access to the cloud, thus lowering the risk of data loss. ZTNA also identifies devices and apps, so administrators have the option of limiting those as well.
A Secure Web Gateway (SWG) also prevents employees and devices from accessing malicious websites. SWG enforces acceptable use policies before users can access the internet and blocks inappropriate content.
Next-Generation Firewalls (NGFW) are often a component of SASE and SWG. Modern NGFW’s are advanced firewalls that use static and dynamic packet filtering (including SSL inspection) to monitor and secure all data traversing between the network, the internet gateway, and the firewall itself.
7. Security Patching
Applying the latest patches to your organisation’s operating systems, devices, and applications is an essential part of any security protocol. Software suppliers release patches to address vulnerabilities they find in their software. Unfortunately, this also notifies cybercriminals of these vulnerabilities. If your organisation does not install a patch right away, it’s left open as a weakness for hackers to exploit. Hackers use the weak spots as entry points for ransomware and other malware programs.
Patches with a high priority level rating should be applied within hours of their release. Your IT team can place lower priority level patches within your regular maintenance schedule.
8. Have A Solid Disaster Recover (DR) Strategy in Place
A well thought out DR plan ensures business continuity in the event of a system failure or security breach, and a critical element of any DR plan is to protect data. A DR plan reduces the impact of ransomware attacks because it enables your organisation to restore business operations as quickly as possible.
Because ransomware encrypts data, the DR plan must also contain data backup protocols to restore that encrypted data. That may include combining the steps listed above, including offsite and cloud backups using immutable data locks and airgap technology. Even if you cannot save real-time data, a good DR policy ensures you can restore a recent version.
9. Partner with a Security Consultancy
Partnering with a Security Consultancy such as Securus Communications can help you quickly and efficiently secure your entire businesses IT operation. We can work alongside you, assisting with enhanced email filtering, SASE, SWG, and private cloud backups with immutable data locks and airgap technology. Plus, we also offer staff security training and cyberthreat awareness. For more information please get in touch.
While ransomware isn’t a threat to take lightly, there are several ways to protect yourself against such an attack. Please use our article as a guide to the most effective steps to take. Furthermore, should a hacker manage to get through all your safeguards, having a proper DR plan in place will enable you to restore your lost data and return to business as usual.
Technology Insights Newsletter
Includes our FREE 10-page SASE Report
The Securus Technology Insights monthly newsletter for IT decision-makers who need to stay well-informed. We update you on key business areas relating to the technology landscape, best practices and insightful news. Don’t get left behind.
You will also have our insightful Complete Guide To SASE article sent to you for FREE. This is a 10-page deep-dive into the SASE technology, exploring how it can help your business.
By subscribing to our hugely popular monthly Technology Insights newsletter you will receive the 10-page Securus Communications Complete Guide To SASE article direct to your email inbox, right now!