Last year, more than half of US businesses targeted by ransomware elected to pay criminals to recover their data. It’s hardly any wonder cyberextortion is a growing black-market industry affecting millions of businesses and individuals the world over. But much like any other form of malicious software, most ransomware attacks can easily be avoided.
Here are five ways you can protect your business from the growing scourge of ransomware:
#1. Always have an off-site backup
Of all the cyberthreats out there, ransomware should be one of the least concerning. After all, if you have your data safely backed up in an off-site location, there shouldn’t be any motivation to pay a ransom if you’re attacked. It’s important, however, that your backups exist separately from your primary network, preferably in the cloud with multiple redundancies and failovers, so there’s minimal risk of them being infected too.
#2. Be wary of email attachments
A lot of ransomware arrives in the form of an email attachment. Often, these emails appear to be from an individual the victim knows, and may even come from a legitimate email address that has been compromised. While most malware will never see the light of day if you have a decent spam filter in place, you should never take the filter for granted. Always verify the sender if you receive an email attachment, especially if you weren’t expecting it. Also, be wary of executables, ZIP files, and other compressed archives. Word documents and other files can also contain malware in the form of malicious macros.
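As an added example (not part of the original article), the Python sketch below triages the attachment types named above by inspecting file content rather than trusting the filename extension. The function names, verdict labels, and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

RISKY = {"executable", "archive", "office-macro", "legacy-office"}

def classify(data: bytes) -> str:
    """Classify attachment bytes by content, not by the filename extension."""
    if data[:2] == b"MZ":                              # Windows PE/DOS header
        return "executable"
    if data[:8] == bytes.fromhex("D0CF11E0A1B11AE1"):  # OLE2 (.doc/.xls), may hold macros
        return "legacy-office"
    if data[:4] != b"PK\x03\x04":                      # not a ZIP container
        return "other"
    try:
        names = zipfile.ZipFile(io.BytesIO(data)).namelist()
    except zipfile.BadZipFile:
        return "archive"
    if any(n.lower().endswith("vbaproject.bin") for n in names):  # OOXML VBA part
        return "office-macro"
    return "office" if "[Content_Types].xml" in names else "archive"

def triage(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, verdict) for each attachment that deserves a second look."""
    hits = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if name is None:
            continue
        verdict = classify(part.get_payload(decode=True) or b"")
        if verdict in RISKY:
            hits.append((name, verdict))
    return hits

def sample_message() -> bytes:
    """Constructed sample: harmless stand-ins, no real macro or program code."""
    doc = io.BytesIO()
    with zipfile.ZipFile(doc, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    msg = EmailMessage()
    msg.set_content("See attached.")
    for name, body in [("invoice.docx", doc.getvalue()), ("report.pdf", b"MZ" + bytes(62)),
                       ("terms.pdf", b"%PDF-1.4\n")]:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(sample_message()))
```

The `report.pdf` entry is flagged as an executable because its first bytes do not match its extension, which is the kind of mismatch a filename-only filter misses.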
#3. Train employees to recognize scams
Information security starts and ends with your employees rather than with the administrative controls put in place to protect your data. No amount of technology can overcome human ignorance and unpreparedness, which is why social engineering scams exploit human error to spread ransomware. Social engineering is the most popular malware delivery method of all, and it works by simply duping an unsuspecting victim into downloading ransomware. Employees must be trained to recognize these scams.
#4. Update all your software
Much like other malware, ransomware often exploits outdated operating systems and other software that is no longer supported by its original developers. One example is Windows XP, for which Microsoft took the unprecedented step of releasing a critical security update, long after support had ended, when the WannaCry ransomware struck back in 2017. Update all your software, and retire any assets that have reached the end of their support life cycles as soon as possible.
#5. Use multilayered security
Up-to-date antivirus software should keep out most forms of ransomware, but it’s not nearly enough by itself. In fact, if your antivirus software intercepts a malicious file, it means the file has already made its way onto your network. That’s a very bad sign in itself. You should always protect your network at the source as well, using unified threat management (UTM) software, which incorporates firewalls and intrusion detection and prevention. You can take protection a step further by having a managed services provider (MSP) monitor your network from the outside and from within, 24/7.
Midwest Data Center focuses on providing the best technology solutions for the unique needs of your business. Get in touch today to find out how.