Protect Your Business From Ransomware Through Education and Technology
Ransomware is one of the most common cybersecurity threats for businesses—and among the most potentially damaging. This type of malicious software, or malware, holds data or devices hostage until victims pay a ransom. Attackers use this technique to target not only government agencies and corporations but also small businesses and individuals.
The cost of these threats isn't limited to the ransom. Victims need to spend time, effort and money restoring their systems. There's also the potential for reduced productivity, lost sales, legal fees and damage to the company's reputation.
Reducing the risk of cyberthreats begins with a culture of awareness. You can protect your business from ransomware by understanding the threat, educating your employees and implementing the right technology to safeguard your systems.
Two main types of ransomware
Ransomware is constantly evolving, but most variants fall into two families. Crypto ransomware encrypts files, turning the data into a form that can't be read without a decryption key the attacker holds. Locker ransomware leaves the files alone but locks users out of the device entirely.
One machine may be the initial entry point, but the malware can quickly spread to other devices on the network. Attackers usually demand payment in a cryptocurrency like Bitcoin, and they may raise the price as the days pass. Worse, paying guarantees nothing: attackers don't always unlock the files or devices even after they're paid.
Common attack methods
Phishing emails are one of the most common ways ransomware spreads. These messages look like they're coming from a trusted institution or a familiar individual, like a manager, but they're actually sent by cyberattackers. Often, the emails contain links to malicious websites or dangerous attachments. When you visit the site or download and open the file, the ransomware infects your computer.
Scareware is another common technique. Pop-ups display a fake warning that your computer is infected with a virus when it isn't, then prompt you to take a specific action, such as installing anti-virus software. Following the prompt downloads ransomware instead and infects your computer.
Employee training is essential
An employee awareness program can go a long way toward keeping your company protected. Train staff to recognize questionable websites, and teach them the hallmark signs of a phishing email: an urgent request to send money, a request for personal information, or a sender address that doesn't match the name displayed on the message.
One way to keep your team vigilant is to partner with a third-party vendor that sends simulated phishing attacks. This can help your employees get some practice detecting threats and responding appropriately.
Technology can help protect your systems
Spam and phishing filters that quarantine suspicious email before it reaches an inbox reduce how often employees have to make that judgment call at all. Also install firewalls, anti-virus software and other security tools on every network-connected device, including servers, desktops, laptops and smartphones.
Install security updates and patches promptly. They fix known vulnerabilities that attackers exploit to get in.
Back up company data regularly to the cloud or to an external device that isn't connected to your network, so ransomware spreading across the network can't reach the copies. Test restoring from those backups before you need them: backups that are intact and known to restore let you recover more quickly after an attack.
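The hallmark signs listed under employee training, and the kind of check a mail filter makes before a message reaches an inbox, can be written down as simple rules. The Python below is an added example and not the bank's or any vendor's tooling: example-corp.com is an assumed company domain, the phrase list is constructed, and the three sample messages are made up for the demonstration.

```python
"""Heuristic checks for the phishing hallmarks the article lists: a sender
address that does not match the claimed name, a lookalike domain, and a
request for money or personal information.  Added illustration; the
company domain, phrase list and sample messages are all constructed."""
import re

TRUSTED_DOMAINS = {"example-corp.com"}   # assumption: the company's real mail domain

# Phrases that accompany the "send money / hand over details" asks (constructed list)
MONEY_OR_DATA_ASKS = (
    "wire transfer", "gift card", "pay this invoice",
    "verify your account", "confirm your password", "social security number",
)

# 'Display Name <local@domain>' with optional quotes around the name, or a bare address
FROM_RE = re.compile(r'^\s*(?:"([^"]*)"|([^<]*?))\s*<([^>]+)>\s*$')


def split_from(header):
    """Return (display_name, address); a bare address has an empty name."""
    m = FROM_RE.match(header)
    if not m:
        return "", header.strip()
    name = m.group(1) if m.group(1) is not None else m.group(2)
    return name.strip(), m.group(3).strip()


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def normalise(domain):
    # Collapse the glyph swaps typosquatters rely on: rn->m, vv->w, 0->o, 1->l
    return (domain.lower().replace("rn", "m").replace("vv", "w")
            .replace("0", "o").replace("1", "l"))


def edit_distance_one(a, b):
    """True when a and b differ by exactly one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1
        elif len(b) > len(a):
            j += 1
        else:
            i, j = i + 1, j + 1
    return edits + (len(a) - i) + (len(b) - j) == 1


def lookalike_domain(domain):
    """A domain that is not ours but is one glyph swap or one edit away from ours."""
    if domain in TRUSTED_DOMAINS:
        return False
    return any(normalise(domain) == normalise(t) or edit_distance_one(domain, t)
               for t in TRUSTED_DOMAINS)


def display_name_mismatch(from_header):
    """Display name claims a company identity while the real address is external."""
    name, addr = split_from(from_header)
    if domain_of(addr) in TRUSTED_DOMAINS:
        return False
    name = name.lower()
    return "@" in name or any(t in name for t in TRUSTED_DOMAINS)


def phishing_indicators(from_header, subject, body):
    """Human-readable reasons a message looks like phishing (empty list = none found)."""
    reasons = []
    _, addr = split_from(from_header)
    if display_name_mismatch(from_header):
        reasons.append("display name claims a company identity but the address is external")
    if lookalike_domain(domain_of(addr)):
        reasons.append("sender domain is a lookalike of ours: " + domain_of(addr))
    text = (subject + "\n" + body).lower()
    hits = [p for p in MONEY_OR_DATA_ASKS if p in text]
    if hits:
        reasons.append("asks for money or personal data: " + ", ".join(hits))
    return reasons


# Constructed sample messages, not real traffic.
SAMPLES = {
    "ceo_spoof": ("jane.doe@example-corp.com <attacker@gmail.com>",
                  "Urgent", "Buy six gift card codes and send me the numbers."),
    "lookalike": ("Accounts Payable <billing@exarnple-corp.com>",
                  "Overdue", "Pay this invoice today by wire transfer."),
    "legit": ('"Jane Doe" <jane.doe@example-corp.com>',
              "Team lunch", "See you at noon."),
}


def scan_samples():
    return {name: phishing_indicators(*msg) for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, reasons in scan_samples().items():
        print(name, "->", reasons or ["no indicators"])
```

The first sample shows the trick behind "the address doesn't match the name": the attacker puts the boss's real address in the display name while the message actually comes from a webmail account. Rules like these are a teaching aid for staff and a first pass for a filter; a production mail filter also checks that the sending server is authorized for the domain, which this example does not attempt.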
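A backup is only useful after an attack if you can tell it wasn't touched by the same malware. One way to make that check concrete is to record a checksum of every backed-up file in a manifest kept off the network and compare against it before restoring. The Python below is an added example, not the bank's procedure or any backup product's feature; the directory layout, file contents and the simulated ransomware behaviour are constructed for the demonstration.

```python
"""Verify a backup against a checksum manifest kept off the network, so a
restore starts from files known to be intact.  Added illustration; the
directory layout, file contents and simulated attack are constructed."""
import hashlib
import json
import os
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_dir):
    """Map each file's path (relative, '/'-separated) to its SHA-256 digest."""
    manifest = {}
    for root, _, files in os.walk(backup_dir):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, backup_dir).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_backup(backup_dir, manifest):
    """Compare the backup on disk with the manifest written when it was taken."""
    current = build_manifest(backup_dir)
    missing = sorted(set(manifest) - set(current))
    unexpected = sorted(set(current) - set(manifest))
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    return {"ok": not (missing or unexpected or modified),
            "missing": missing, "unexpected": unexpected, "modified": modified}


def demo():
    """Take a backup, store its manifest elsewhere, then simulate ransomware reaching it."""
    with tempfile.TemporaryDirectory() as work:
        backup = os.path.join(work, "backup")
        os.makedirs(os.path.join(backup, "finance"))
        with open(os.path.join(backup, "finance", "ledger.csv"), "w") as f:
            f.write("date,amount\n2024-01-01,100\n")
        with open(os.path.join(backup, "notes.txt"), "w") as f:
            f.write("quarterly plan\n")

        # The manifest lives apart from the backup (a sibling directory here stands in
        # for offline or write-once storage), so malware on the share cannot rewrite it.
        offline = os.path.join(work, "offline")
        os.makedirs(offline)
        manifest_path = os.path.join(offline, "manifest.json")
        with open(manifest_path, "w") as f:
            json.dump(build_manifest(backup), f)
        with open(manifest_path) as f:
            manifest = json.load(f)

        before = verify_backup(backup, manifest)

        # Simulate crypto ransomware on the backup share: the file's bytes are replaced,
        # a new extension is appended and a ransom note is dropped.
        victim = os.path.join(backup, "finance", "ledger.csv")
        with open(victim, "rb") as f:
            data = f.read()
        with open(victim + ".locked", "wb") as f:
            f.write(bytes(b ^ 0x5A for b in data))
        os.remove(victim)
        with open(os.path.join(backup, "README_RESTORE.txt"), "w") as f:
            f.write("your files are encrypted\n")

        after = verify_backup(backup, manifest)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

The second report lists the original ledger as missing and two unexpected files, the renamed encrypted copy and the ransom note, which is exactly the signature you would not want to discover halfway through a restore. The check only holds if the manifest itself is beyond the malware's reach, which is why it goes to the offline copy rather than alongside the backup.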
What to do after an incident
A written response plan with specific protocols can help you move forward calmly and swiftly if you do get hit with ransomware. Employees need to know whom to contact internally about an incident, and managers must understand how the business will continue operating.
Employees responsible for limiting the damage should disconnect the affected device from the network (unplug the cable or disable Wi-Fi rather than powering it off), check the status of backup files and, if needed, call a data recovery specialist.
The US government encourages victims to report attacks immediately to a local FBI or US Secret Service field office. You may also need to contact a lawyer about your legal obligations, especially if the incident has exposed sensitive customer data.
Then there's the question of whether to pay the ransom. Although many victims do pay, law enforcement agencies recommend against it: payment funds and encourages further extortion, and it doesn't guarantee that you'll get your data back. If you have cyber insurance, it may cover some of the losses from a ransomware attack.
While there are good reasons to fear ransomware, preparedness is the best defense. Be proactive in training employees. Purchase robust security tools and update them regularly. Back up your data, and have an incident plan in place. These steps will help protect your business from ransomware and prepare you to respond if you're targeted.
This information is provided for educational purposes only and should not be relied on or interpreted as accounting, financial planning, investment, legal or tax advice. First Citizens Bank (or its affiliates) neither endorses nor guarantees this information, and encourages you to consult a professional for advice applicable to your specific situation.