In 2021 three out of four organisations fell victim to ransomware attacks globally. With hackers using more complex ways to gain access to sensitive data it can be hard to stay ahead of the game and ensure all areas of your business are protected from security threats.
What is ransomware?
Ransomware is malware or malicious software that employs encryption to hold a victim’s information at ransom. A user or organisation’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access. Ransomware attacks are a growing threat to businesses and generates billions in payments to cybercriminals as it can quickly paralyse an entire organisation.
Ransomware often happens when victims mistakenly download malware through email attachments to links from unknown sources. In many cases, the victim must ensure the ransom is paid within a set amount of time or risk losing access forever.
With 75% of organisations worldwide attacked through ransomware last year, 64% of companies paid the ransom, yet nearly 4 out of 10 of them failed to recover their data.
However, there are policies and practices that can be put in place to lower the chance of falling victim to a cyberattack.
Cybersecurity Awareness Training
Even with the best software in place to avoid a cyberattack, this can all fail due to human error. All staff should have cybersecurity awareness training, so they are able to spot a potential cyberattack or phishing attempt.
Regular training also builds a culture of security so all employees will stay cyber secure and understand the core values and benefits of cybersecurity. Companies can also run phishing tests on employees to give real-world examples and test if employees are able to spot a phishing or ransomware attempt.
Password Hygiene
Passwords provide the first line of defence against cybercrime and are the starting point for good password hygiene. The National Cyber Security Centre (NCSC) – which is part of GCHQ – advises that to create a strong password, it should consist of three random words. The key reason for this is that three random words create a password that is strong enough to keep accounts secure but are also easy to remember.
Applying three random words to password security is also more effective than a traditional approach as these types of passwords can be difficult to remember and guessable for cybercriminals. In addition to using the three random words process, a password manager should also be used to ensure password hygiene is maintained and usernames and passwords are protected from cyber threats
Two is Better than One
While choosing a strong password and using a password manager is a great place to start for securing an account, this is often not enough as it is still possible to fall victim to a replay or phishing attack. Multi-factor authentication reduces the risk of these attacks by adding another layer of security.
With multi-factor authentication when a user enters their password to login, they also need to use an authentication app or biometric authentication to finalise the login. This process means that even if a cybercriminal has access to a user’s password, they will be unable to fraudulently login unless they have the access to the victim’s phone and PIN.
Secure Your Devices
All company and personal devices, including laptops, phones, and tablets should have security measures in place to ensure they cannot be compromised. All devices should have a secure password, be running a firewall and antivirus, and only be connected to secure, trusted networks. Finally, updates to systems and software should be run as soon as possible as without updates this leaves devices vulnerable to compromise.
Backup Everything
To avoid significant downtime or loss of data and profits due to a ransomware attack or data corruption, it is of the utmost importance that files and servers are backed up often.
We offer backup and storage solutions as one of our services to ensure organisations don’t fall victim to data loss or corruption. One of the core elements of business continuity is backup and storage solutions, and being able to retrieve business-critical data easily when something goes wrong can ensure your business can operate seamlessly,
Think Before You Click
Whenever an email or message is received with an attachment or link employees should always consider whether it is safe to open. If the email is not from a trusted sender, attachments and links should never be opened.
Even if the sender is trusted, if the email or link seems odd it should not be opened. Regardless of the sender or what the attachment is, it is always safer not to open them, as this is the most common vector for ransomware attacks.
Regardless of the size of a business, its revenue, the industry it is in, or the amount of sensitive data it has access to, cybersecurity should always be high on a company’s list of priorities. If a company falls victim to a data breach or ransomware attack it can cost the company a significant amount of money – but even worse, it can damage their reputation and erode the trust of its customer base.
It is important to remember with data breaches and ransomware attacks, prevention is better than recovery. These tips are a great foundation to secure a business, however, there is always more that can be done to safeguard against an attack. If you want to find out more about keeping your company and customers safe, get in contact with us today.