Just a couple of weeks ago, I talked about "What is Ransomware" and explained how the threat is very real to both small businesses and larger organizations. We discussed how it could end up costing your business big if appropriate precautions are not implemented. Now let's take a few moments and learn more about what some of the precautions are to help avoid ransomware and help protect your business from cyber security threats and vulnerabilities.
Here are 6 Ways to Avoid Ransomware
1. Keep an inventory of all your data
Before you can keep your data safe, you must be aware of exactly what you have and where it's located. The last thing you want is for hackers to go after data you didn't even know you had. Does all of your company data reside on a single server in the closet in your office? Are you using any cloud services or applications such as QuickBooks Online, Salesforce, Adobe Creative Cloud, Google G-Suite, Dropbox, Microsoft Office 365 or others? Are you using a cloud backup solution or perhaps even still rotating tape backups offsite? Make a list of everywhere your company data exists. This is one of the simplest yet most important steps to take to help avoid ransomware and other risks to your business. Always know where all your data lives.
2. Back up data regularly
Of course, backing up your important data is something you should be doing anyway, right? It's particularly helpful as a method to fight back against security threats and, in particular, to help avoid ransomware. If you can feel confident that your ransomed data has been backed up recently, the prospect of losing that data won't seem as big a loss. The need to pay the ransom quickly fades if you already have a reliable backup of your company data. All data backup strategies need to include a cloud-based or offsite backup solution. This helps to ensure that your company data resides on a secure, offsite storage platform, which creates separation between the original, on-premises data and the data copy. This simple backup strategy will help to minimize your risk from a ransomware attack and also help minimize your risk in the event of a flood, fire, theft or other disaster that could hit your company office and equipment.
3. Train staff on appropriate cyber security measures
The weak link that allows ransomware to enter an organization is almost always going to be an employee doing something they shouldn't be doing. This could be clicking on suspicious email attachments, downloading applications from unverified sources, or accessing compromised websites. This could also be an employee writing their password on a sticky note attached to their computer monitor. This is a much more difficult risk to protect against because it requires training and consistent education. Teaching your employees basic security practices is a great way to limit your exposure to ransomware. In fact, we know training your employees is so important to maintain proper security for your company that we offer security training in our Managed IT Services offering for Small Businesses.
4. Don't put all your eggs in one basket
If you put all your company's data in one big bucket that can be accessed by anyone in the company, you're effectively ensuring that all your company data is at risk, no matter where the ransomware originally enters the organization. Let's assume for a moment that your company will get hacked at some point and your data will be held for ransom. If those hackers were only able to compromise one of your systems that actually only held 20% of your company data, that would drastically decrease your loss and risk. It would be much better to have only some of your company data held for ransom than all of it.
The way to limit your risk is to segment your data. One way you can do this is by using different systems on location at your company and by leveraging cloud services and cloud backup solutions. Segmenting your data can keep the risk you face from any one attack as small as possible.
5. Know what to do when an attack occurs
Just like everything else in business, you need to plan in advance for malware, to ensure you don't find yourself forced to make decisions on the fly after an attack occurs. It's much easier to make rational decisions before a breach happens than during the heat of the moment. Think about how you're going to keep employees and customers informed about the threat or breach, and whether or not you intend to pay the ransom if in fact there is one. How will your business continue to function during this time when your data is held for ransom? Having a plan for a cyber security incident is key.
6. Work with a managed security services partner
As a small business owner, you may find you don't have the time or even the specific knowledge required to effectively protect your company against the threat of ransomware, let alone other threats. The cyber criminals are getting more sophisticated quickly and it is challenging to remain current with the key cyber security threats and vulnerabilities.
Working with a managed security services provider (MSSP) can take this burden off your shoulders and help to avoid ransomware and other threats. A team of knowledgeable security professionals will proactively manage your technology environment to make sure you are as secure as possible. Typically, an MSSP will provide managed firewall and intrusion detection, advanced content filtering, device encryption, password management services, security policies and compliance reporting. The whole idea of using an MSSP is to take the burden of security responsibility off of you so that you can focus on what you do best... running and growing your business!