Ransomware has made a lot of headlines this year:
Ransomware threats continue to climb as attacks become more sophisticated and effective.
But you run a small- or medium-sized business, so who cares? Hackers are going after big money, right?
Nope. In 2019, small businesses made up 71% of ransomware targets.
How do you protect yourself? Here are some ransomware prevention best practices for businesses just like yours.
Ransomware is software hackers use to access your data. Once they’re inside your network, they can view sensitive information and block you from accessing your device or network data. This type of cyberattack earns its name, as ransomware hackers offer to unlock the data if you pay a hefty price — often in cryptocurrency.
However, paying the ransom offers no guarantee that you’ll regain access to your data or that the hackers haven’t downloaded your data with plans to sell it.
The FBI advises that you don’t pay the ransom, but instead contact the FBI immediately. The sooner you contact the FBI, the more effective its help will be.
A small business could go bankrupt over a ransomware attack, so you need to stay vigilant. Here are five ransomware prevention best practices:
Seriously. Do it now.
Remote Desktop Protocol (RDP), which allows outside access to an internal server or workstation, is an easy way to get hacked. It has long been the most popular initial ransomware attack vector. Just turn it off.
If you can't turn it off, you can place RDP behind a virtual private network (VPN) or a firewall. These can’t completely protect you from ransomware attacks, but they will leave you less vulnerable.
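To see where a Windows machine stands, the following PowerShell script reports whether Remote Desktop is enabled, whether anything is listening on its port, and whether the firewall lets any address connect. It is an added example, not part of the original post; the function name `Get-RdpExposure` and the `-Disable` switch are names made up for this script, and it assumes an elevated session on English-language Windows.

```powershell
# Added example: audit inbound Remote Desktop exposure on one Windows host.
# Run in an elevated PowerShell session. -Disable is this script's own switch.
param([switch]$Disable)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RdpExposure {
    $ts   = Get-ItemProperty -Path $tsKey
    $rdp  = Get-ItemProperty -Path $rdpKey
    $port = $rdp.PortNumber

    # Is anything actually listening on the RDP port right now?
    $listening = [bool](Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)

    # Enabled inbound allow rules in the built-in group (group name as shown on English Windows).
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

    # Rules that accept any remote address do not restrict who can connect.
    $anySource = @($rules | Where-Object {
        ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any'
    })

    [pscustomobject]@{
        RdpEnabled     = ($ts.fDenyTSConnections -eq 0)    # 0 = connections allowed
        NlaRequired    = ($rdp.UserAuthentication -eq 1)   # 1 = Network Level Authentication
        Port           = $port
        Listening      = $listening
        AllowRules     = $rules.Count
        AnySourceRules = $anySource.DisplayName -join '; '
    }
}

$state = Get-RdpExposure
$state | Format-List

if ($Disable -and $state.RdpEnabled) {
    # Turn Remote Desktop off and close the matching firewall rules.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    Get-RdpExposure | Format-List
}
```

Run it without arguments to get a report only; add `-Disable` to switch Remote Desktop off on that machine. It checks the host itself, so a port forward on your router or perimeter firewall still needs to be reviewed separately.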
Have a plan in place for when software and operating system patches come out. Make sure these patches are installed ASAP so you don’t leave yourself open to vulnerabilities. You can install the updates after hours or on the weekend so you don’t interrupt services.
Windows 10 and 11 install patches automatically. However, it may help for your business to install these updates manually so you don’t accidentally make certain online services temporarily unavailable.
Strengthen your security by using a strong firewall. Make sure the firewall’s firmware is always up to date. Plan to check for updates quarterly on all network devices.
Your business should have virus protection that’s proactive — alerting you when threats are found.
For example, we use Vipre for all of our clients. When it finds threats on a server or workstation, we get instant notifications. We send an email to the client to say we found something suspicious that they should review.
Don’t let your customers or bosses discover viruses the hard way!
End-user education is critical. Everyone with access to your accounts and network devices needs to be a part of preventing a ransomware attack. They should know to:
Failure to follow this advice could have disastrous effects. A compromised password was all it took for the Colonial Pipeline to shut down.
When you get hit with ransomware, how do you recover?
Create and use a ransomware backup strategy. Having a backup ensures you won’t be locked out of critical files. If ransomware strikes, you can wipe your computer and reinstall your files from your backup.
Make sure your backups are running. Consider holding your backup files outside of your network using off-site backups or cloud-based backups.
We can help you develop policies on backups and make sure they fit your business’s needs. We also offer encrypted backups for information that needs to be secure, like medical records.
We can also help you develop ransomware prevention best practices that help protect your company from an attack.