Ransomware attacks on small businesses are a growing and dangerous problem in the UK. According to recent research, almost half of UK businesses have been infected with ransomware in the past two years. It’s clear that ransomware is something you should be wary of.
A ransomware attack takes the form of a virus encrypting your company data, and then demanding a ransom to release the data back to you. This means, unless you pay up, you could be left without all of your documents, customer data and many of the services modern businesses rely on. Not only that, even if you do pay, you’re not guaranteed to get your data back.
Ransomware attacks can grind your business to a halt, so it’s essential that you do everything possible to protect your small business from ransomware attacks. Here are 6 key steps to safeguarding your business:
1. Back-Up Regularly
If you ensure that your data is regularly and securely backed up, you will at least continue to have access to it in the event of an attack. This is essential for the continued running of your business. Whilst the perpetrators of ransomware attacks will demand a fee for the return of your data, not being able to run your business could carry even greater financial costs.
Still having access to your data puts you in a stronger position if an attack does occur and can minimise any lasting damage, particularly if you never manage to recover your data. Ensure that any back-up drives are not left connected to your network as this could lead to them being encrypted in the attack as well. Create a regular back-up schedule and ensure that back-up drives are disconnected when not in use.
Of course, these are damage limitation measures that could minimise your losses in the worst case scenario. There are plenty of things you can do to stop ransomware attacks from happening at all...
2. Implement Layered Security
A firewall alone is not enough to prevent ransomware attacks. You need to implement strong security that can cover your business systems in as many ways as possible. Use a comprehensive anti-virus package that can identify threats and flag up anything that could contain ransomware.
You should also be using web and email scanning software to monitor employee emails and scan them for any threatening files. These dangerous emails can then be sent straight to spam, rather than the inbox, so that employees cannot open and act on them by mistake.
3. Train Staff Thoroughly
Ransomware is a key developing threat, so you should be training employees to spot the signs of it and to be vigilant when browsing the internet, opening emails and communicating through digital mediums.
Malicious emails are still the most common way of delivering ransomware, so train employees to notice the key signs that can give away an attempted ransomware attack. Emails will often come from addresses that look familiar but have subtle differences, such as email@example.com rather than firstname.lastname@example.org, but there are many other warning signs that you’ll need to educate your staff about.
If staff are vigilant and careful when working online, they can spot and avoid malicious emails that could contain ransomware.
4. Control Staff Permissions
A common method for running ransomware attacks is through a ‘.exe’ file. These are files you’ve probably seen before, and are used for installing new software on a PC. If you open one of these files without being sure of its origin, it could contain ransomware. Where you may have been expecting to install a new version of Microsoft Word, you might end up with something very different indeed.
You can control staff permissions for running these files, meaning they can’t be activated without an admin password. This gives you full control over the software installed on company computers, and prevents employees from running ransomware by mistake.
5. Stay Up-to-Date
Criminals who use ransomware love to exploit weaknesses in out-of-date software. Regular software updates usually include security fixes and improvements that can keep your system secure and help prevent ransomware from gaining access.
You should implement regular checks in your business to ensure that all software is kept up to date and running on the most recent version. Update regularly or use automatic update features that will install updates as soon as they become available.
6. Employ End Point Management
The final step, and one that’s incredibly important, is to implement an ‘End Point Management’ system in your business. This is a system that can monitor and control all of the devices (or end points) that can access your company network.
Having an End Point Management system gives you the ability to control access to your system and set stringent criteria that any devices trying to join must meet. For example, you could stipulate that any device connecting to your network must have a certain level of anti-virus protection.
End Point Management is a fantastic tool for minimising the risk of ransomware attacks and maintaining control over your company network. Having control over the devices in your network allows you to effectively implement other steps in this list such as maintaining security, updating software and controlling permissions.
Ransomware is a threat that small businesses should take seriously. If you don’t put the correct procedures in place, you could leave yourself open to attack. Not only that, but once you’ve been successfully targeted once, you may even be marked for targeting again and again.
Follow these key steps and make sure that your small business is protected from the threat that ransomware poses. At YTL we can work with you to build and maintain a strategy for keeping your systems safe and secure. If you’d like to find out more, just get in touch.