Ransomware is on the rise, especially for small and medium-sized businesses (SMBs). A TechRepublic survey of 500 executives at SMBs found that nearly half of respondents had already been hit by ransomware and nearly three-quarters ended up paying the ransom to recover their data. Yet many SMB owners say they lack the time or resources to effectively mitigate the threat of ransomware, which leaves them vulnerable to attack.
Amidst the COVID-19 pandemic, the rapid shift among SMBs to remote work opens additional attack vectors through vulnerable infrastructure and devices, overworked (and also remote) support staff, and “shadow IT” scenarios, in which even well-meaning employees can misconfigure or misuse various collaboration platforms. Attackers have been quick to recognize these weaknesses, and they’ve responded in an unfortunate yet expected fashion: the FBI reports that incidents of cybercrime have quadrupled during the pandemic. Ransomware, especially, poses a risk through financial or business loss, costly downtime, and reputational damage. For some, recovery costs can be insurmountable, to the point of shuttered operations or business closure as a result of a major ransomware attack.
We don’t want that to happen to you, and it doesn’t have to.
Here, we look at what you need to know about the rapidly expanding and ever-evolving threat of ransomware against SMBs. Most importantly, we share a combination of security measures you can implement today—like email gateways, secure VPNs, password management, and employee training—to protect your business and avoid the costly damages of a ransomware attack this year.
What is ransomware?
Let’s start with the basics. Ransomware is a type of malware in which an attacker encrypts your files and demands a ransom to restore access to your data. Once the ransom is paid, the business receives a decryption key. However, it doesn’t always go so well: 15 percent of businesses report that data is not decrypted after paying the ransom, and thus they remain a target for a second attack. The ransom itself can range from hundreds of dollars to thousands or more.
What makes ransomware particularly challenging is that it can be delivered on numerous fronts, such as socially engineered phishing scams, in which the attack masquerades as coming from a trusted sender or source, as well as exploit kits and malvertising (online advertising used to spread malware). Any digital means can be used to deliver ransomware, including email, website attachments or downloads, business applications, or even social media.
How to protect your business
As we mentioned above, the main reason that SMBs remain a target of ransomware is limited time and resources. While teams may understand the risk of ransomware, many lack the time it takes to research and implement effective mitigation solutions. TechRepublic reports that one quarter of respondents had no plan in place should a ransomware attack happen.
However, there are reasonable measures you can take to reduce the likelihood of a ransomware attack. The common theme among these recommendations is preparation. In general, the goal is to establish and follow best practices and employ a combination of preventive measures to eliminate or reduce the risk of a ransomware attack. Since ransomware can be deployed across multiple vectors, it's crucial to have a comprehensive cybersecurity strategy in place that stops threats across all attack vectors, including network, email, endpoint, applications, and your data center.
To start, we recommend the following combination of measures:
Email Gateways: To automatically detect and prevent inbound and outbound threats.
While ransomware is deployed across numerous vectors, email remains one of the top mechanisms by which attackers access a company’s data. To mitigate this risk, consider an email security gateway to block malicious content from landing in your inbox. Once installed, the gateway is configured to scan all incoming and outgoing emails, including links and attachments, for potentially malicious content. Emails that don’t pass the scan are labeled and either rejected or quarantined. There are many email gateway solutions out there, and it’s important to research your options to select the best and most robust fit for your business.
Secure VPNs: To ensure your users connect securely, even at home.
Advise your employees to only use secured or private password-protected WiFi networks; if they’re unable to access a secure network, ask them to use a VPN. Especially now, a VPN remains an important component of a secure, remote workforce. As mentioned above, there is strength and security in coupling the right measures; in this case, requiring multi-factor authentication (MFA) for all VPN logins will further prevent intrusion and access from nefarious actors. Also make sure a VPN is available on all devices, including tablets and mobile devices, and when using a mobile device as a hotspot.
Password management: Get better at passwords and follow best practices like MFA.
Advise your employees to set strong passwords and avoid reusing passwords. Despite the ubiquity of login credentials, many organizations continue to set weak passwords or use the same passwords across multiple sites. Educate your employees on how to set strong passwords and consider using a password manager. Password management, in general, refers to the ability to centrally manage and store passwords within an online “password vault”. This vault also helps you and your IT team remember all of those strong passwords.
Your people: Invest in effective employee education!
Proper cybersecurity training is key to preventing attacks. Remember, especially with a remote workforce, your systems are only as secure as your people. Invest in education to help your staff learn how to spot phishing emails, follow safe browsing practices, pick a proper password, and more. One effective and engaging approach to help your staff recognize threats is a series of “tests”. Show your staff several examples of ransomware or phishing emails and ask them to click or not click, depending on how safe they think the message is. After each example, pause to discuss their rationale and why they did or did not make the right decision in each case. For more, see this post on best practices for effective cybersecurity training for your staff.
Establish a backup and recovery plan for a last line of defense.
A robust backup and recovery strategy can help you quickly restore your data from backups to avoid paying a hefty ransom in the first place. If, or when, your company suffers unexpected data loss, a solid plan can make all the difference in getting you back on track as quickly as possible. A few tips here include:
Identify critical functions and infrastructure: Take stock of your critical IT functions and create a list of the tools, platforms, processes, and infrastructure that are critical to your operations.
Create an accessible emergency contact list: In addition to employee contacts, create an updated list of critical vendors you might need to contact in the event of an emergency, such as hardware or internet providers.
Prepare for disaster: The best way to recover from a disaster is to prepare for one. Spend time now to think about and address the most likely threats to your IT environment, such as natural disasters, power outages, pandemic, cybercrime, and human error (internal threats).
Partner with an expert: It may be beneficial for your business to partner with an expert to build your backup and recovery plan, for on-premises or cloud backup. There's a range of providers available to suit your unique needs and requirements, including N8 Solutions.
The risk of ransomware is real. Don’t let limited time or resources be the reason you remain vulnerable to an attack this year. The right security partner, like N8 Solutions, can provide affordable and actionable solutions to protect your business, leaving you time to focus on what matters, the business itself.
Please get in touch with us today and tell us more about your security needs.