BLOG UPDATED October 8th 2020 to include the latest regulations.
And it’s here just in time. Ransomware attacks are on fire—we have some shocking stats to prove it. Organizations of every size are under attack, including local governments. According to the Baltimore Sun, the Baltimore City government lost over $18 million and had challenges for over a month in getting back to “business as usual”.
According to Comparitech, last year’s ransomware damages were predicted to pass $8 billion and were up 12%. And Ransomware downtime costs most organizations over $64,000, while these attacks are costing businesses across the enterprise over $75 billion every year.
So, we’ve pulled together a quick ransomware survival guide to support your organization in preventing these cyberattacks and knowing how to respond effectively if the worst occurs.
Here are 5 simple ways to keep ransomware from threatening your business:
1. Educate your workforce.
This might sound like a no brainer, but as you can see from the example above, just one employee clicking content from the wrong email can compromise your entire organization. Ransomware can start with an email or SMiShing attempt, so arming your employees is an important first step.
It’s important to create a security training program to prepare your workforce to see the signs before a cyberattack occurs. That means running an effective security compliance training because spam filters aren’t enough. Employees need to be trained on the latest policies and the basics for recognizing suspicious content and scams. It isn’t a one-and-done training—repetition is everything to get your team members thinking before they click anything.
And don’t feel guilty about testing your team members either. Spear phishing messages connected to ransomware frequently have a 6x higher click-through rate than actual marketing emails and 70% of employees engage with them unknowingly.
You can get some great feedback from your associates too. Ask employees what they are seeing and deleting and ask them to report anything suspicious to IT so you can prevent their colleagues from getting trapped.
2. Back up locally and on the cloud.
Backing up your data and system can prevent damages that you cannot recover from and can keep you from getting trapped paying a ransom in the future. And even if you’re keeping an active archive of your data and files in place already, that’s not enough. Backup is mission critical to disaster recovery of any kind—especially after a natural disaster or a cyberattack—because archives help with preservation, not recovery.
In the event of a ransomware cyberattack, restoring your files from a secure backup is the fastest way to regain access to your data and systems. Cloud backup solutions are ideal for protecting your data, so it isn’t infected by ransomware. This backup is an extra layer of production every organization needs when your data is worth so much.
3. Keep your systems up-to-date.
Making sure all of your software is up-to-date with necessary patches can keep your organization more secure. Malware spread by exploit kits on websites that have been compromised target vulnerabilities with more dated software. In order to prevent infection, regular patching and updates are a must
4. Don’t slack on security scans and assessments.
Frequently running scheduled security scans is mission critical. Security software can’t defend your system if you aren’t running scans across all of your organization’s data frequently. But just running those scans isn’t enough.
At minimum, make sure your IT department is performing an annual security assessment to see where your vulnerabilities are and spot them before they can compromise your organization. Having the right security partner can change everything for small to medium businesses that are frequently targeted without having an abundance of IT personnel or resources. Bringing in outside experts can support better anti malware and ransomware software, comprehensive training and a stronger security strategy overall.
5. Avoid federal violations and sanctions.
Getting hit by a ransomware attack was already a dire threat to your business. And now, after a new advisory issued by the OFAC on October 1, 2020, technology leaders also have the danger of getting hit with sanctions by the US Treasury Department. Cybersecurity professionals and organizations are now faced with a higher level of risk after being cautioned on potential US policy violations for organizations and individuals who pay ransomware attackers.
And if a ransomware victim thinks the ransomware attacker could be a sanctioned entity, OFAC says they should contact the Treasury’s Office of Cybersecurity and Critical Infrastructure Protection “immediately”.
5. Spot threats sooner with early detection systems.
Installing early unified threat management programs can spot suspicious activity and address it before your system is ever compromised. Early unified threat management software frequently supports gateway antivirus software also. There’s software designed to identify attacks that have already started so you can immediately act to halt them in their tracks.
Ransomware attacks can happen anywhere.
At MicroAge, we’ve seen how frequently these ransomware attacks have impacted our clients. Just recently one of our account executives worked to get an east-coast based auto parts manufacturer back in business after an employee engaged with email messages from an unknown source that corrupted their system. They were seeing the signals of the cyberattack for months, but in the aftermath, their small IT team was blindsided by it.
“The good news is the process made the client assess all of their software to get on the latest versions and prevent future cyberattacks from threatening their business,” Senior Account Executive, Mark McNally recalls. “This can happen anywhere.”
And he’s right—ransomware attacks are happening across industries and around the globe. That’s why every organization needs to build a comprehensive security strategy.
Build a powerful security strategy.
The best defense against ransomware is a strong security strategy. MicroAge is here to help. Contact your Account Executive, call 800-544-8877 or email our Solutions desk to start building your security strategy.
Build a powerful security strategy.
The best defense against ransomware is a strong security strategy. MicroAge is here to help.