The sad, unfortunate reality of living in the 21st century is that the world is full of scams, danger, and hackers looking to steal data or extort businesses for financial gain. In recent years, ransomware has become one of the top threats facing most industries today. Avoiding it is critical to running a successful business and preventing data compromise. As time passes, ransomware threats are becoming bolder and more prevalent across a wide variety of industries. Here are five tips for avoiding ransomware attacks at your organization.
Understand The Threat
The definition of ransomware can be succinctly summed up as “any type of malware that encrypts a user’s files and holds them for ransom.” But diving a bit deeper into what ransomware is requires more finesse and attention to detail. Ransomware, as a concept, isn’t difficult to grasp. It is merely a type of malware that encrypts files, then holds them for ransom in return for a decryption key. It is developed to extort companies for financial gain, and it targets many commonly used file types. These might be image files, Microsoft Office files, spreadsheets, programs, audio files, video, and just about anything that your organization uses in its daily operations. In a successful ransomware attack, these all become encrypted and can no longer be accessed without that decryption key. This renders them useless, and without a backup from which to restore them, the business can be negatively impacted. This might lead to disruptions in service, the inability to provide services, being unable to accept payments, or the compromise of the organization’s data (financial, business, and personnel-related data included!). Many times, ransomware accesses the system via a successful phishing attempt. Once on the network, it’ll scan the servers and network for any files that it can encrypt and proceed to do so.
Watch Out For Suspicious Emails
Phishing attempts are ubiquitous and nefarious. Disguising themselves as legitimate emails from reputable sources—some even going so far as to mimic the appearance and interface of a well-known site—phishing emails attempt to convince users to follow a link and enter personal information. This might lead to compromising your data, passwords, and other pertinent information. Think of it like getting homeowners insurance quotes. When you’re doing something like that, it’s vital to keep your wits about you, pay attention, and watch out for fraud. It’s the exact same concept with a phishing email. Successful phishing attacks lead to big problems, so stopping them in their tracks ultimately becomes a good strategy for avoiding possible ransomware attacks.
Use Strong Passwords
Yes, we know: passwords can be a pain in the neck sometimes. Never use easy or single-word passwords. These are easy to crack and will often lead to problems. It’s best to have a mix of capital and lowercase letters, numbers, and symbols to get the most out of your passwords. Never use the same password for multiple accounts. Consider using passphrases instead of passwords. Passphrases can be quite secure and definitely lead to less possibility of intrusions. Complexity matters. Also consider using multi-factor authentication or two-factor authentication to increase the security of your login systems.
Make Regular Backups
Sometimes the best mitigation method for a ransomware attack is to have an ounce of prevention in place as a buffer. Backups serve this function admirably. It’s already a good idea to keep regular backups of your files and other important documents. But when you’re running an organization that might become a target for a ransomware attack, it’s ideal to make sure you have a robust backup in place just in case you need to restore your system from it at some later date. Consider using the 3-2-1 backup method for this. In this method, you have three backup copies of your data. Two of them should be local backups contained on different types of media. The third should be located off site. That way, it can be accessed if the other two become compromised. In this manner, you have the three initial backups, two across different mediums, and one off site. Hence, the 3-2-1 backup method. This can be a powerful way to maintain your backups and to create a sense of security at your organization—along with creating a hedge against possible ransomware attacks in the future.
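One way to check a backup inventory against the 3-2-1 method as described above. This is an added example, not part of the original article; the dataset names, media labels, record fields, and the seven-day freshness window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample inventory (hypothetical names): one record per backup copy.
INVENTORY = [
    {"dataset": "finance-db", "media": "nas", "offsite": False, "last_ok": "2024-05-01T02:00"},
    {"dataset": "finance-db", "media": "tape", "offsite": False, "last_ok": "2024-05-01T03:00"},
    {"dataset": "finance-db", "media": "object-storage", "offsite": True, "last_ok": "2024-05-01T04:00"},
    {"dataset": "hr-share", "media": "nas", "offsite": False, "last_ok": "2024-05-01T02:00"},
    {"dataset": "hr-share", "media": "nas", "offsite": False, "last_ok": "2024-05-01T02:30"},
    {"dataset": "hr-share", "media": "object-storage", "offsite": True, "last_ok": "2024-03-01T04:00"},
]

def audit_321(inventory, now, max_age=timedelta(days=7)):
    """Return {dataset: [findings]}; an empty list means the dataset passes."""
    fresh = {}
    for rec in inventory:
        fresh.setdefault(rec["dataset"], [])
        # Assumption: a copy whose last successful run is older than
        # max_age is treated as missing, since restoring it loses too much.
        age = now - datetime.fromisoformat(rec["last_ok"])
        if age <= max_age:
            fresh[rec["dataset"]].append(rec)
    report = {}
    for dataset, copies in fresh.items():
        local_media = {c["media"] for c in copies if not c["offsite"]}
        findings = []
        if len(copies) < 3:
            findings.append(f"only {len(copies)} fresh copies, need 3")
        if len(local_media) < 2:
            findings.append("local copies do not span 2 media types")
        if not any(c["offsite"] for c in copies):
            findings.append("no fresh off-site copy")
        report[dataset] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_321(INVENTORY, datetime(2024, 5, 2)).items():
        print(name, "PASS" if not findings else "FAIL: " + "; ".join(findings))
```

In the sample data, the second dataset fails on all three counts: both local copies sit on the same media type, and its only off-site copy is too old to count.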
Don’t Pay The Ransom
Sometimes, one of the best things you can do to protect yourself is not to pay the ransom at all. The FBI actually recommends not paying the ransom for a variety of reasons. Chief among them is the simple fact that it only serves to embolden attackers to continue attempting ransomware exploits, and there’s really no guarantee that they’re going to provide you with a decryption key. Imagine parting with a large amount of money or cryptocurrency only to find you still can’t access your files. It’s not a great situation to be in, and there are many cases where the company ends up paying the ransom anyway. Unfortunately, there are no guarantees that you get that decryption key, so ultimately deciding not to pay the ransom is up to the individual companies.