Ransomware has been a malicious threat for a while but has become much more prolific in the past ten years due to a variety of factors. As our businesses move more daily operations onto computers and connect more and more software and tools to those devices, the incentives for attackers grow. While there are some things we can do to build more resilient protections into our systems and antivirus tools, the field is generally tilted in favor of the attackers.
Luckily, there are steps we can take to mitigate the risk of being targeted, and to ensure that if an attack does happen, there are sufficient backups in place to get back up and running with minimal downtime and impact on customers.
Understanding the Ransomware Landscape
One aspect of ransomware that is often overlooked is how the term serves as an umbrella for a certain class of attacks, all involving attempts to compromise business-critical data. Most ransomware involves an encryption virus that scans a computer or network for business data and encrypts it using the same powerful algorithms typically used to keep attackers out. However, in this case, since the attackers are the only ones with the decryption key, the data becomes unrecoverable for the business.
But this is not the only concern. Some ransomware viruses attempt to exfiltrate data either before or after encrypting it. This means that even if a business has backups that could be used to recover operations, the attackers still control a copy of the compromised data. They can release it at any time if the ransom is not paid.
Depending on the type of data compromised, releasing it could cause serious harm to customers or the business. If it’s a medical office, the data might contain sensitive patient information covered by HIPAA laws. If it’s proprietary intellectual property, the release could give competitors an edge. Even if the data isn’t highly sensitive, the release will almost always cause reputational damage to the company involved.
Ransomware really is no joke!
What Can You Do to Protect Your Business?
- Keep Your Software Up to Date
Regularly update your software to ensure you’re protected against the latest known vulnerabilities.
- Use Endpoint Detection and Response (EDR) Tools
Deploy a complementary suite of Endpoint Detection and Response (EDR) tools to monitor for suspicious activity on any computer with access to sensitive data.
- Limit Employee Access to Data
Institute reasonable policies for employee access to data. Minimize who has access by following the “Principle of Least Privilege,” which states that users should only have access to the minimum amount of data and permissions necessary to do their job. This way, if a user’s machine is compromised, the breach is limited to only the data they have access to.
- Maintain Consistent Backups
Ensure regular backups of company data that can be used to recover operations without paying a ransom. Make sure the backup process checks actual file content and verifies that the data hasn’t already been encrypted by malicious actors. If a backup overwrites clean data with encrypted files, your only hope of recovery might be gone before anyone realizes something is wrong.
- Train Employees on Cybersecurity
Help your employees understand that cybersecurity is not just the IT department’s job, but a responsibility shared across the organization. Hold regular trainings and tests to help employees recognize suspicious “phishing” emails, which are the most common threat vector for malicious code.
- Review Your Cybersecurity Insurance
Make sure your cybersecurity insurance policy provides appropriate coverage for ransomware attacks. You do have a cybersecurity insurance policy, right? If your business relies on computers or electronically stored data, you need a policy to cover those assets. Just as you protect buildings and equipment with insurance, you should also have coverage for the modern-day equivalents stored on hard drives and in the cloud.
If you already have cybersecurity insurance, regularly review the requirements laid out in the policy. If you aren’t implementing the evolving safeguards required by the policy, you may face a nasty surprise when trying to claim against it. The company may deny your claim if the breach occurred because some basic safeguard was improperly configured or not set up at all.
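One way to implement the content check described under “Maintain Consistent Backups” above, as an added example that is not part of the original post: it compares each file's byte entropy against the last known-good snapshot and holds the backup when too many files flip from low to high entropy. The function names, thresholds, and in-memory sample data are assumptions made for illustration.

```python
import math
import os
from collections import Counter

ENTROPY_THRESHOLD = 7.5      # bits per byte; assumed cut-off, tune for your data
MAX_FLAGGED_FRACTION = 0.2   # assumed: hold the backup if >20% of files flip

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for ciphertext, far lower for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def newly_encrypted(previous: dict, current: dict) -> list:
    """Paths that were low-entropy in the last good snapshot but are
    high-entropy now. New files and files that were already high-entropy
    (zip, jpg) are skipped, so normal compressed formats are not flagged."""
    flagged = []
    for path, new_bytes in current.items():
        old_bytes = previous.get(path)
        if old_bytes is None or old_bytes == new_bytes:
            continue
        if (shannon_entropy(old_bytes) < ENTROPY_THRESHOLD
                and shannon_entropy(new_bytes) >= ENTROPY_THRESHOLD):
            flagged.append(path)
    return sorted(flagged)

def safe_to_overwrite(previous: dict, current: dict) -> tuple:
    """Return (ok, flagged). ok is False when too many files look encrypted,
    meaning the previous backup should be kept rather than overwritten."""
    flagged = newly_encrypted(previous, current)
    ok = len(flagged) <= MAX_FLAGGED_FRACTION * max(len(previous), 1)
    return ok, flagged

# Constructed sample data: three text documents and one already-compressed file.
TEXT = b"Quarterly invoice for customer 1042, net 30 days.\n" * 200
CLEAN = {"invoice.txt": TEXT, "notes.txt": TEXT[::-1], "plan.txt": TEXT * 2,
         "photos.zip": os.urandom(8192)}
# Simulated incident: two documents replaced by random bytes (stand-in for ciphertext).
HIT = {**CLEAN, "invoice.txt": os.urandom(len(TEXT)),
       "notes.txt": os.urandom(len(TEXT))}
# Ordinary edit: one document gains a line and stays low-entropy.
EDITED = {**CLEAN, "plan.txt": TEXT * 2 + b"Added a new line.\n"}

if __name__ == "__main__":
    print(safe_to_overwrite(CLEAN, HIT))     # backup held, two files flagged
    print(safe_to_overwrite(CLEAN, EDITED))  # backup allowed
```

In a real backup job the two dictionaries would be built by reading each file (or a leading chunk of it) from the source and from the last verified backup.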
Prepare for the Worst: Make a Plan
You should have business continuity and disaster management plans in place not just for ransomware, but for any unforeseen disaster that could take your IT systems offline. Your plan should consider how to recover from backups and prioritize which processes need to be restored first. This ensures your core business can continue operating at some capacity, allowing you to generate revenue while you sort out the less pressing issues caused by a breach.
A Broader Perspective on Protection
While protecting against ransomware can be a daunting task that requires focus, perseverance, and sometimes significant expenditures, the process also helps you analyze your business from the ground up. This allows you to identify exactly which parts of your business rely on technology and how you can protect them from a wider range of threats, not just ransomware.
There is no foolproof way to completely protect yourself from bad actors online, but there are plenty of steps we can take to frustrate their efforts and avoid becoming an easy target. As more of our business relies on computers, the sophistication of attacks will continue to increase. But by doing our best to frustrate attackers, we can also make our businesses more resilient and better run in the process.
Reach Out to Your IT Provider
If this blog post sparked any questions about cybersecurity, ransomware, or your company’s general IT infrastructure, take this opportunity to chat with your trusted IT provider. If you don’t have a provider or are looking for a change, we would be happy to chat. You can find a contact form below or give us a call at 207-464-0640.
- Keenan Technologies
“Portland’s Trusted IT Partner”