Ransomware threats have been on the rise since last year, with the National Cyber Strategy 2022 now calling this the most significant cyber threat in the UK.
Still unsure what ransomware is? Here’s a quick definition for you. Ransomware is a type of malware that makes the data or system it infects unusable until the victim pays the ransom. The attacks are mostly spread through malicious links in emails or corrupted websites. The cybercriminals generally demand ransom be paid in cryptocurrency and the company’s data and files are held hostage until money is received.
Now, I don’t want to alarm you too much, but every company is at risk here.
According to Direct Line Business Insurance, just 26% of small business professionals see cybersecurity as a top priority. But unfortunately, no company is immune from cybercrime, especially ransomware.
Larger companies are more under threat, as they’re more likely to pay up. However, ransomware attacks do not solely affect them but are also a growing threat to SMEs and anyone who has put their data online. It’s crucial to take the right pre-emptive steps and adopt a ‘defence-in-depth’ approach (layers of defence with different mitigation techniques at every layer).
How to protect your business from ransomware?
One of the simplest and most effective ways to recover from a ransomware attack is to make regular backups. Try to regularly back up your most important files, store them in a different location (offline backups) or make multiple copies using different backup solutions and storage locations. Moreover, make sure backups are protected from all kinds of malware and that they are connected to protected devices before recovery.
To ensure extra protection, backup accounts and solutions should be protected using Privileged Access Workstations (PAW), and hardware firewalls should be enabled to enforce IP listing. IP listing is a way of giving a trusted individual remote access to your business’s network, files, and data. Multi-factor authentication (MFA) should also be implemented, and the MFA method should not be installed on the same device that is used for the administration of backups.
To stop malicious content being spread onto other networks and devices, a few steps can be taken:
- Use mail and spam filtering to block malicious emails and harmful attachments
- Use intercepting proxies to block malicious pop-ups and websites
- Implement internet security gateways to ensure active inspection of content being downloaded
- Regularly check for and remove old users to control the spread of any damage
- Keep all devices and software up to date with MFA-enabled security checks. Also enable hardware firewalls so they can enforce IP listing.
A defence-in-depth approach assumes that your system is bound to get attacked by malware; the following steps would prevent the malware from running.
- Centrally manage your system so that devices can only use applications that are trusted by the company
- Keep the software up to date
- Enable automatic updates for applications and ensure security updates are installed as soon as they are made available
My business has been hit. What do I do?
If your company has been hit with malware, the following steps are crucial to minimise the impact and loss.
Firstly, immediately disconnect the infected devices from all wired and wireless connections. Make sure you are not locked out of systems needed for recovery and reset all passwords. Ensure the backup is not infected and is later installed on a clean device.
Then, safely reset the infected devices and reinstall the system. Finally, install, update, and run antivirus software. Keep monitoring your system closely to ensure no infection remains.