Ransomware, or malware designed to lock up your computers and devices in a way you can’t undo yourself, poses a threat to businesses large and small. This malware lets attackers hold your devices hostage until you pay them what they demand, compromising your ability to communicate with customers, access files and take orders. These hackers typically demand money, and sometimes, lots of it.
For instance, many attackers use the most recent Locky ransomware variant, which infects computers through spam email attachments and asks victims for 0.49 Bitcoin, or about $1,600, to unlock their devices. Locky’s original form wreaked approximately $7.8 million in damages to businesses in 2016, and this was just one ransomware strain. The FBI estimates that, in general, ransomware cost businesses more than $1 billion in damages in 2016 alone.
The most common ransomware targets remain companies with below-average IT security systems in place, which makes outdated security measures like a big bulls-eye painted on your company’s valuable data.
This very real threat can knock you out of business for more than a day, and unless you can afford both downtime costs and ransom demands, it could land your business in hot water. According to most estimates, 96 percent of victims lose data access for at least 24 hours.
Luckily, you can stay ahead of these hackers and protect what’s yours from current threats such as the headline-grabbing WannaCry ransomware with just a few simple steps.
1. Backup, backup, backup!
Always back up your data and always keep things fresh. External hard drives, USB devices and CDs all provide great options, giving you an easy way to diversify your data storage routine. This not only keeps your data safe from hackers, but also protects it from user errors and other online and offline threats.
For instance, if your office floods, an extra hard drive kept dry at home or in a disaster-proof safe can get you up and running again in no time. Check out network-attached storage (NAS) devices or a cloud backup service for extra security.
2. Think, and then think again before you click.
Avoid opening suspicious attachments and/or links at all costs when checking your email or surfing the web. The most common way to pick up malware is through email and careless clicking. To save you from yourself, take proactive measures such as configuring your email settings to block dubious attachments with extensions like .exe, .vbs, or .scr. This means you don’t have to worry about accidentally opening them, and when they’re out of sight, they’re out of mind.
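An added example, not part of the original article: a minimal Python sketch of the attachment check described above, using only the standard library. The sample message, addresses and file names are constructed for illustration, and the blocklist holds just the three extensions named in the tip.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the tip above; extend this set to match your own mail policy.
BLOCKED_EXTENSIONS = {".exe", ".vbs", ".scr"}


def blocked_extension(filename):
    """Return the blocked extension a file name really ends in, or None."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as .exe.
    name = filename.strip().rstrip(". ").lower()
    # Only the final extension decides how the file opens: "invoice.pdf.exe" is an .exe.
    ext = os.path.splitext(name)[1]
    return ext if ext in BLOCKED_EXTENSIONS else None


def find_blocked_attachments(raw_message):
    """Return [(filename, extension)] for every attachment that should be blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also visits nested multipart sections
        filename = part.get_filename()  # None for parts that carry no file name
        if filename:
            ext = blocked_extension(filename)
            if ext:
                hits.append((filename, ext))
    return hits


def build_sample_message():
    """Constructed sample: one harmless attachment and three that should be blocked."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "owner@example.com"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    for name in ("report.pdf", "invoice.pdf.exe", "Holiday.JPG.ScR", "macro.vbs"):
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, ext in find_blocked_attachments(build_sample_message()):
        print(f"BLOCK {filename} (matches {ext})")
```

The check keys on the final extension after normalizing case and trailing characters, so a double extension such as invoice.pdf.exe is caught while report.pdf passes.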
3. When in doubt, patch it up.
Keep your software as up to date as you possibly can, including but not limited to your device’s operating systems, antivirus programs, browsers and plugins. Good antivirus software can block thousands of attacks per day, protecting your business in instances where employees get twitchy fingers and accidentally click on something they shouldn’t.
4. Keep your IT department on its toes.
If you are your own IT department, consider investing in a multi-layered defense strategy provided by a reliable company. For example, Datto offers comprehensive data backup and disaster recovery solutions specifically for businesses if you want an extra level of security.
5. Stay alert to emerging threats.
Threats evolve quickly in this high-tech age, and sometimes, they spiral out of balance with businesses’ ability to defend against them. For this reason, it behooves you to stay as up to date as possible on the latest ransomware and malware news, putting you ahead of the game and keeping your business safe.
The following are considerations when protecting your business's critical data.
Most businesses think that if they have antivirus in place, they are protected. Not many small businesses take into account the multiple ways they can protect themselves. In this brief, we want to talk about vulnerability testing.
Some businesses find out they are vulnerable only after they are hit with ransomware, or after a data breach in which client and financial data has been taken.
What most small businesses don't know is they can plan and know what their network vulnerabilities are before the worst happens.
Over 61 percent of small businesses are victims of cyber attacks every year, and one in five them. Companies can take action to know if they are vulnerable without having to face the financial hardship security breaches can cause.
Businesses can conduct vulnerability tests, which are comprehensive audits of a business's security flaws that a hacker could take advantage of, and the review can outline the potential consequences. The results of a vulnerability test tell you what your security risks are and help your business plan its security policies moving forward.
Vulnerability tests should be done on a regular basis by an outside consultant or an in-house IT department if possible. Depending upon the size of your business, you should do it every quarter if you are a midsize business, monthly if you are an enterprise business, and once a year or every six months if you are a small business. There are different types of vulnerability tests, and here are the different options.
Pen-Test: A pen-test simulates an attack on a business's network to test the strength of the security technology in place. With pen-tests, you will have a particular objective (e.g., steal a piece of specific data).
Vulnerability Scan: A vulnerability scan is more general, and it tells you where the weaknesses are in your network, as opposed to a pen-test, which tells you how bad a specific weakness is.
How often should you pen-test: Different industries will have different government-mandated requirements for pen-testing. One of the more broad-reaching regulations is the PCI DSS test, which requires pen-testing every year. It is nice, though, if you do more than the minimum. You should also conduct a pen-test every time you have:
To learn more about these vulnerability tests, please contact us.