Tips to Keep Your Business Safe from Ransomware Attacks

Ever since the famous ‘WannaCry’ ransomware attacks started affecting millions of computers connected to the World Wide Web, the term ‘Ransomware’ has become Internet famous, and rightly so. Ransomware attacks can happen to anyone at any time, which means keeping yourself and your organisation safe from such malicious attacks should always be a cyber security priority.

Let’s first understand what we’re dealing with here. Ransomware attacks give the hacker control over a computer system by restricting access to the operating system until the victim agrees to pay a ‘ransom’ in the form of untraceable cryptocurrency like Bitcoin. Ransomware attacks are also highly effective for hackers as decrypting the data locked by the ransomware attack is a tedious and sometimes impossible task, leaving many with little option but to either pay up the ransom or assume the data as lost. Often times, paying the ransom is also pointless as hackers can just take the money and run, leaving you with a useless block of encrypted data and a lighter wallet.

Small businesses sometimes run with the misconception that they’re less likely to be hit by a ransomware attack, as it would be more lucrative for hackers to target larger organisations. However, SMEs are more vulnerable to ransomware attacks for three reasons.

• Their security protocols and disaster management plans solutions may not be as detailed or effective as those of larger organisations, making them easier targets.

• Some hackers see SMEs as a route into a larger organisation’s network, which means targeting the smaller, less secure company might reap benefits if the larger company is willing to bail the smaller one out—assuming the hackers have their hands on sensitive data.

• Larger organisations usually have a disaster recovery plan that involves taking periodic backups of the encrypted data. This means they can safely wipe the systems that are infected and replace the data with that from the backup. SMEs, however, generally have no disaster management plan in place, and may be forced to pay up the ransom to retrieve their data.

No matter how large or small your organisation is, it is important that cyber security protocols be put in place to protect it from malicious ransomware attacks. So, what are a few basic steps you can take to keep your business safe?

1. Take regular backups

Keeping a backup of sensitive data on a separate isolated system is the most effective way of ensuring that even if you find yourself a victim of a ransomware attack, you can simply retrieve your data from the backup and pretend like the attack never happened (of course, you may want to revisit your cyber security strategy). Cloud-based backup systems are also a good option, as you can replace the encrypted data with a saved, unencrypted version of the affected files from before the attack happened.

2. Educate your employees

You won’t be surprised to know that the most common way ransomware infects computers is when users unknowingly download malicious programs or click on links that inject the ransomware script into their private network. Educate your employees about the dangers of visiting suspicious websites and opening attachments from unsolicited senders. Make sure you have a sound IT policy in place that outlines the best practices of surfing the web safely and encourage your employees to follow it by explaining the repercussion of what happens when they don’t. 

3. Keep software up to date

Software updates are primarily pushed to patch security flaws, which makes out-of-date software music to a hacker’s ears. Thus, leaving your computer programs outdated is almost an invitation to a hacker to try and infect your computer with whatever malware they can throw at it. Keep your IT team on their feet and ensure all systems are installed with up-to-date software. This includes operating system updates, VPN's and more importantly, updates to your antivirus software.

4. Choose business partners wisely

If you’re extremely unlucky, you can find yourself the victim of a ransomware attack through a proxy. For example, you may choose to share sensitive data with a client or vendor only to find out later that their network has been compromised. To avoid falling into such a situation, try doing a background check before taking on a potential client or vendor and ensure they have sound IT security protocols and policies in place.