Ransomware attacks are happening at a rate of approximately 4,000 attacks a day, according to justice.gov. That’s no shortage of evil.
Ransomware is an attack in which criminals gain access to files or software on your computer and lock them away from you, so that only they have access. Then, in order for you to retrieve your files and gain access to them again, the attackers demand ransom money. If you transfer the ransom money to the address they specify, you are supposed to get a decryption code in return; if it works and you’re lucky, you get your files back. Does ransomware always follow the same script? No, and unfortunately you are never assured of coming out of an attack clean.
How likely your business is to get attacked by ransomware, what to do to protect your business, which steps to take if your business has been attacked, and more, will be discussed in this post.
How to protect your business from ransomware
Though no method is ever foolproof, there are definitely some steps your business can put into place to try and protect it from ransomware. Here goes:
1- Have multi-factor authentication for login credentials. Logging in to software, your email, a remote desktop, or any account on your computer will generally require a username and password. Having an additional step for identity verification, besides the usual username and password, is called multi-factor authentication. The additional ID verification is another way to ensure that the one logging in is the owner of the account, and it makes it harder for an attacker to get in. Multi-factor authentication can include getting a text to your phone with a code to enter, using a hardware token, or linking an application on your phone which can generate a one-time code. This step is key to the basics of protecting your cyber space.
2- Limit remote applications. Remote applications are often targets of cyber attacks. If you don’t need remote apps, don’t create them and don’t use them. If it is important for your business to have remote application access, then the best you can do to protect your business is to restrict the users of the app and, of course, set up multi-factor authentication for the logins.
3- Have an antivirus set up on your computer. There are loads of antivirus options to install on your computer. Install a reliable antivirus program on all your devices.
4- Secure your emails. A common way in which cyber criminals attack you is by sending you an email with an attachment, prompting you to open and download it, or by sending you a link pointing to a malicious website. Keep yourself protected and make sure your email is set up to alert you against suspicious email attachments and bad links. Some email services even include advanced scanning for attachments and links.
5- Have good backups. Part of protecting your business against ransomware is being ahead of the game and having good backups. Making sure your data and files all get backed up well will make it so much easier to restore and fix things back in place should anything like cyber attacks happen to you.
Another key to having good backups is to continuously monitor the backup processes to verify they are running properly.
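One way to automate the backup monitoring described in item 5, as an added example that is not part of the original post. It assumes the backup job writes `.tar.gz` archives into one directory with a `<archive>.sha256` file beside each; the directory path, thresholds and file naming are assumptions.

```python
import hashlib
import sys
import time
from pathlib import Path

MAX_AGE_HOURS = 26      # assumed policy: nightly job plus two hours of slack
MIN_SIZE_RATIO = 0.5    # assumed policy: flag a backup under half the previous size


def sha256_of(path):
    """Hash the file in chunks so large archives do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_backups(backup_dir, now=None):
    """Return a list of problems found; an empty list means the checks passed."""
    now = time.time() if now is None else now
    archives = sorted(Path(backup_dir).glob("*.tar.gz"), key=lambda p: p.stat().st_mtime)
    if not archives:
        return ["no backup archives found"]
    problems = []
    latest = archives[-1]
    age_hours = (now - latest.stat().st_mtime) / 3600
    if age_hours > MAX_AGE_HOURS:
        problems.append(f"{latest.name}: newest backup is {age_hours:.0f}h old")
    size = latest.stat().st_size
    if size == 0:
        problems.append(f"{latest.name}: archive is empty")
    elif len(archives) > 1 and size < MIN_SIZE_RATIO * archives[-2].stat().st_size:
        problems.append(f"{latest.name}: much smaller than previous backup")
    # The backup job is assumed to write "<archive>.sha256" holding the hex digest.
    sidecar = latest.with_name(latest.name + ".sha256")
    if not sidecar.exists():
        problems.append(f"{latest.name}: no checksum file")
    elif (sidecar.read_text().split() or [""])[0].lower() != sha256_of(latest):
        problems.append(f"{latest.name}: checksum mismatch")
    return problems


if __name__ == "__main__":
    issues = check_backups(sys.argv[1] if len(sys.argv) > 1 else "/var/backups/office")  # hypothetical path
    for issue in issues:
        print("BACKUP ALERT:", issue)
    sys.exit(1 if issues else 0)
```

Run it on a schedule from a machine other than the one being backed up, and send the alerts somewhere a person will see them; a passing check does not replace a periodic test restore.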
It’s important to note that you should try to have as many protection factors in place as you possibly can. After all is said and done, some protection components, including the ones mentioned above, may sometimes fail. You should always assume that one will fail. That being so, if you have various protection components set up, you’re safer: even if one fails, you have other protections keeping you safe.
Should the business pay
If you set your business up safe and put protectors wherever possible, and still, you were attacked (gasp!), the only way for you to try and get back your hacked files is by paying the ransom fee that the attackers are requesting. In the ransomware world, after you pay the ransom, the attackers are then meant to release the decryption key for the code that keeps your files locked up from you.
Paying the ransom may seem quick and simple because you assume you thereby get your files back and get rid of the criminals. However, it’s not that simple.
Even if you do pay them, the attackers may decide not to give you the correct decryption key. And even if they do give you the correct decryption key, it may not work.
The attackers can also come back the day after you pay them saying, “We actually stole your files with sensitive information, and unless you give us more money, we’re going to start leaking this information out onto the internet.” So you can never be certain that you’ll be getting your information/files/data back.
So you have to make a business decision whether you want to take the risk and pay them, knowing that it may or may not bring your files back to you.
It may be illegal to pay
If you do choose to take the risk and pay, know that it might not always be correct to pay. Ideally, you should not be paying. Why? By paying, you’re financing and encouraging crime. You can actually be breaking laws if the group responsible for the attack is linked to terror activities, and it is against US law to finance terrorism.
So it is a scary decision to make, and it will involve the risks mentioned above.
The freaky thing about the attackers is that they don’t necessarily leave you alone after you think you got rid of them. It’s become more prevalent, especially within the past year with blackmail on the rise, that once a person falls prey, the attackers don’t let up. They keep coming back to ask for more money. Once you fall in with them, it’s very difficult to climb out of their clutches. The most important thing you can therefore do is to do all you can to protect yourself and prevent your business from becoming a victim of ransomware.
Stay clear of cheap software
With all this scary talk, you may feel you want to take even more control of the security in your office. Luckily, there’s another thing you can do to prevent ransomware.
All software you install on your computer has the risk of having bugs. Bugs and viruses can lead to attackers making their way into your computer. You therefore want to make a habit of being very careful with the software you install on your computers.
Firstly, install as little software as possible. Keep to the ones you must have and get rid of the ones you don’t.
If you are about to download free or really cheap software, look through it very carefully. Cheap software has less money put into its development. The point of such software is to get it out to as many people as possible who will install it on their computers and use it. It may well have been created who-knows-where by bad people who offer it at a low cost or for free and are just waiting for you to buy it, install it, and then attack you. By installing such software, you may be encouraging ransomware.
Establish a relationship with someone smart
Having an ongoing relationship with someone smarter than you (sorry, some things in life call for someone even smarter than you :) no offense!) can make a huge difference in how you secure your business from attacks.
Consider establishing a contract with an IT / Cyber Security company to take care of these things for you and make sure your business is well protected. Or make sure you have someone in the know whom you can ask your questions and who can direct you. It’s always easier to have these contacts and relationships set up before the time comes when you need them urgently. So rather than reassuring yourself that these things won’t happen to you, be smart and reach out to an IT / Cyber Security company or someone knowledgeable who will be on your case.
Beware of email scams
Another thing to beware of is email scams. Email hacking is widespread, and many people fall prey and lose money that way. What attackers often do is hack your friend’s email account and send you an email as if coming from your friend, asking you for the money you owe your friend. In such a case, you become a victim through your friend’s account having been hacked. When you get an email asking for money, if it looks even a bit suspicious to you, CALL UP YOUR FRIEND and ask whether they really did send the email and whether it’s real. Don’t send the money before you check in with your friend or associate!
Moreover, to avoid falling prey and so that you know when an email is out of place, have a system set up. Keep a list of whom you owe money to, who owes you money, how payments work, and so on. You will then know when an email looks odd, and you hopefully won’t fall prey.
Yet another step you can take to protect yourself is to have insurance for cases where you do get hacked and lose information or funds. I recommend that all businesses sign up for an insurance plan which covers cyber attacks.
What is good about Cyber Insurance is that besides being insured against attacks, in order to get approved for the insurance, you must comply with all the policies the company has. So you are forced into making sure your business is cyber secure and fully protected from ransomware.
If you fall victim to a cyberattack, the insurance policy will typically provide a wide range from firms specializing in these incidents.