The recent cyber attack on Garmin highlights the severity of ransomware. It’s also bewildering: After all, there’s just no excuse for being victimized by a ransomware attack anymore. Here are the critical elements of today’s ransomware prevention.
Many ransomware attacks occur because system users unwittingly allow criminals to enter their networks. An employee could “open the door” by clicking on a malicious link in an email, downloading a suspect software or sharing passwords or other protected information in response to a spoofed email. As part of your ransomware prevention plan, you and your employees must be trained to spot threats whenever possible. If someone within your organization divulges sensitive information, it puts your entire network and all your data at risk.
Small business owner tip: Schedule cyber security training for all employees and system users now. If you already offer training, ask your IT manager or service provider about phish testing.
Next-generation Endpoint Protection
Organizations need to safeguard their users and data. Anti-virus software used to do the trick at recognizing known threats. But in our current environment you can’t afford to wait for threats to be identified. The latest endpoint protection products monitor computers for behavior, not just nefarious files or file types. In other words, if the protection product identifies unusual actions like copying or encrypting on a network, it can halt those operations. This quick action can thwart a cyber criminal from encrypting all of a company’s files in one fell swoop.
Small business owner tip: If you’re relying on anti-virus protection alone, you’re vulnerable to ransomware or other malware.
Dark Web Monitoring
Filled with criminal activity, the dark web is not a place you want to go. Still, dark web monitoring can be part of a smart ransomware protection plan. This monitoring acts as another layer of security, keeping an eye out for your massive dumps of data that pertains to your business on the dark web. Knowing that data is out there can help identify a breach quickly and mitigate damage. Dark web monitoring might also tip you off if there’s chatter there about targeting your company in particular, or your industry in general.
Small business owner tip: Dark web monitoring provides a kind of early warning system, but does not safeguard your company or users’ data from being breached.
You can preach and teach about good password practices, but mistakes happen. And those mistakes can lead to cyber attacks, unfortunately. In order to beef up ransomware prevention, use multi-factor or two-factor authentication in your organization. This type of authentication goes beyond standard username and password by requiring users to log in with a code sent to a second device (like a smartphone). While the extra step might feel like an annoyance, it’s nothing compared to the damage and downtime a cyber attack can cause.
Small business owner tip: Talk with your IT manager or service provider about setting up multi-factor authentication today.
Backup and Recovery for Ransomware Prevention
Ransomware is effective because criminals know that data and files are critical to organizations. If your files are encrypted, your business will grind to a halt, unless you have a robust backup and recovery system. Knowing that you can move forward without having to pay a ransom brings peace of mind. A solid backup and recovery system includes both off-site local and cloud storage. Restoring files from a robust backup is the fastest way to get back on track after an attack or breach. These systems should be tested and assessed annually.
Small business owner tip: How often is your data backed up? How quickly could it be restored? These are two topics to discuss with your IT manager or service provider.
Ransomware Prevention for You
When big companies like Garmin are hit with a ransomware attack, it’s big news. Unfortunately, many small companies are targets, too. If you have concerns about your exposure to threats, contact us. We are happy to discuss ransomware prevention steps.
2022 Cyber Security Essentials Checklist
See where your business stands with these 18 critical cyber security controls established by the Center of Internet Security (CIS). Plus see the types of attacks most likely to impact your business.