This is the second article in a two-part series on Ransomware and the Small/Midsize Business. Click through to view part one: What is Ransomware?
It’s Monday morning. You just sat down at your desk and you’re determined to start the week with a clear inbox. That’s when it happens. Without thinking, you download a seemingly innocuous attachment without double checking the sender. Suddenly, a popup flashes across your screen:
All your documents, photos, databases and other important files are encrypted. The only method of recovering files is to purchase a unique private key. Only we can give you this key and only we can recover your files.
Your heart sinks. You’ve been hit with ransomware. Questions race through your mind: How did they get through our firewall? What do we do now? How is this going to affect our operations?
Hopefully this situation hasn’t played out in your office. If it has, take a deep breath—you’re not alone. A June 2018 report from McAfee Labs identified over 16 million strains of ransomware. How many attacks is that? The subversive nature of ransomware makes it difficult to identify the exact number, but experts estimate that a business falls victim to ransomware every 14 seconds—chew on that for a minute.
Four organizations have just fallen victim to ransomware in that minute, and the number is only expected to increase as new strains are introduced. What’s more? SMBs are particularly vulnerable to this type of attack because they have smaller IT departments and/or fewer resources to invest in the latest prevention technology.
“So, what’s the best way to avoid ransomware?”
Ransomware is a formidable opponent, but there are ways to protect your organization from attack. Like other issues of IT security, experts recommend a multi-pronged approach. The best defense for ransomware is a combination of:
- Education – It’s critical that your users understand how ransomware is spread, and the danger it poses to your organization. Share examples of ransomware emails and provide a clear process that outlines the steps a user should take if they identify a threat.
- Software & Patches – Maintain up-to-date antivirus and anti-malware software. Double check that all business applications are current with the latest security patches.
- Backup Management – Invest in a business continuity/disaster recovery solution (BCDR) that creates regular backups and data recovery points. A properly configured BCDR program will allow you to roll-back your data to a point before the corruption occurred in the event of an attack.
Don’t put it off another day. Schedule a comprehensive risk assessment with one of Knight’s experienced cybersecurity consultants and take the first step toward a more a protected IT environment.