Protect Your Business from Ransomware
By David Ryan for America's Backbone Weekly
Ransomware is a growing threat that is affecting businesses across America. Ransomware is malicious software that attacks a business's data network by encrypting it. As the name implies, cyber criminals who send the virus follow up with ransom demands which can range from hundreds to thousands of dollars. If businesses want their data back, they have to pay. If not, the criminals may threaten to permanently encrypt the data, destroy it, or even make it accessible to the public. According to a June 2016 study sponsored by security firm, Malwarebytes, 41 % of American businesses reported experiencing between one and five ransomware attacks in the previous year. Of these, 6% reported revenue losses because of the attacks. The FBI has estimated that ransomware cost businesses a total of $209 million in the first three months of 2016. A Symantec report indicates that the average ransom demand is $679. Clearly, ransomware is a serious threat to businesses of all sizes. Small and medium-sized businesses can be especially vulnerable because they often lack sophisticated security systems. Fortunately, there are steps your business can take to protect itself.
This sounds like a no-brainer, but every computer and mobile device that's used in the business should have up-to-date antivirus software installed on it. Whether you're using products like McAffee or AVG on your computer network, or running mobile device management (MDM) software on your Smartphones and Tablets, you need to make sure that it's up to date and that it includes features that protect against ransomware. Antivirus programs generally cost a few hundred dollars for a MSB and can save hundreds to thousands of dollars in ransom money.
Managing administrative privileges
By setting your network to limit the kinds of software that can be downloaded or used, you limit the possibility of a virus being installed on one of your machines. Employees may be tempted to install free productivity software on the web—or even games—but whatever their intentions, the possibility of getting a ransomware virus is reduced when downloading privileges are limited. The problem with this solution is that employees usually aren't too happy when their ability to use their computers freely is denied. But if data security is essential for your business it's an option you may want to consider.
Your data is essential. For a mom and pop grocery store this can encompass all your inventory and sales data. For a construction company, this would include sales, planning, and supply chain information. For health providers, the matter becomes a little more serious as they have custody of sensitive medical records and patient data. To ensure you always have access to your data, it's a good idea to backup that data on an external device that can be disconnected from your network. Cloud servers can be used as backups, but they too run the risk of being infected. An external drive is a great way to ensure that you have a copy of your data that can't be touched if your network is ever compromised by ransomware.
Updating Vulnerable Third-Party Software
Popular software such as Java and Flash is often exploited by hackers and used to enter computer systems. When security flaws are discovered by the vendors they are fixed through security updates. You need to ensure that any computing devices used in your business receive regular updates to Java, Flash, Adobe or any other software they might be using.
Computer security training for staff
This may be the most important preventative measure of all. Viral links and phishing attacks in emails are some of the most common ways that ransomware is distributed. Many average computer users simply aren't aware of these potential threats and don't know how to spot them. It's essential that your IT personnel stay on top of the latest ransomware threats and that this information is passed on to all staff. If you don't have a designated IT staff, you will need to fill this role. Networking with a vendor or a consultant can help you get a handle on everything you need to know about ransomware and other security threats. Regular training sessions (every six months) are a great way to educate and remind staff about cyber security. Special emphasis should be placed on the potential risks of downloading software and how to identify fishy emails that may contain malware. Testing employees, either with a written or multiple choice test, or by sending fake viral emails, is a great way to ensure that they've got a firm grasp on security concepts.
ConclusionProtecting your business from ransomware is an ongoing process. It is important that you stay up-to-date on the latest in ransomware trends, and that you react accordingly, whether by using antivirus software solutions or through cyber security training. People are your strongest line of defense, so make sure your staff are continuously kept up to data about security threats, including how to identify them and deal with them. If you don't feel entirely confident in managing your business's cyber security yourself, you can always consult with a security firm. The larger software providers like Symantec usually offer consulting services, and companies like New York-based Lifar offer a wide range of services, including user awareness training.
Copyright (c) 2016 Studio One Networks. All rights reserved.