A recent report uncovered startling trends in ransomware attacks:
- The frequency with which they occur
- The markets most heavily targeted, and
- Their impact on a business.
In our work with clients to prepare business continuity and disaster recovery plans, we know the first line of defense is a good offense. We also know human error — inadvertent or malicious — needs to be accounted for.
A business owner needs to have measures in place to protect the business rather than scrambling to shut the door once the data has left the “building.” Even with all proper measures in place to protect the integrity and privacy of your data and records, ransomware attacks can still occur. The smarter we Business Continuity and Disaster Recovery (BCDR) specialists become, the smarter the hackers have to be to thwart our measures, but many still manage to breach cybersecurity defenses.
How to protect your business from a ransomware attack is something we work with our clients to develop.
Ransomware is the most common threat facing small- to medium-sized businesses; it’s crucial you protect your business and its data.
When we work with clients to put a data recovery, business continuity and disaster recovery plan in place, here are a few of the steps we take:
- Business continuity is a must. Just as a retailer needs to know how he will keep foods frozen if the power goes out, a business that deals in data needs to know how it will remain viable and not experience considerable downtime if a ransomware attack occurs. Business Continuity and Disaster Recovery (BCDR) is your strongest line of defense to combat ransomware attacks. You may not be able to prevent all ransomware attacks, but perimeter protection, installing software patches and using antivirus software are crucial. Your BCDR solution needs to be one that can be easily, reliably and quickly implemented. Keep in mind that ransomware can infiltrate all machines connected to your servers as well as the servers themselves; this means it’s not just a specific computer station that’s been impacted and infected.
- Proactive protection is necessary. Phishing, weak passwords and a lack of training in your company’s cybersecurity procedures are cited as the top three reasons a hacker can successfully launch a ransomware attack. If your line staff and employees don’t understand what a phishing email looks like, or what the signs of a potential ransomware attack are, they won’t be able to alert the IT staff. The risk needs to be mitigated. To do this, you need to implement mandatory and regular cybersecurity training.
- Prepare for the worst. Talk with your BCDR Consultant and look at the worst-case scenario you can imagine for your business and its data, then implement a cybersecurity plan to address that worst case and even a level higher. Standard, out-of-the-box security solutions are no match for the cunning of today’s hackers. To truly protect your business and its data, you need a multi-layered approach, with several layers a hacker must breach before opening that final door. Your cybersecurity tools should also alert you to the first sign of a potential hole in your security. What should be in your multi-layered cybersecurity plan? Number one needs to be BCDR (you need to be able to quickly recover and protect data), followed by implementing employee training, updating antivirus software (or installing it if you’re not already using it) and making certain all patches and updates to the software are run and tested.
Know whether your current IT staff is competent and cognizant enough to ensure business continuity. BCDR is a specialized area of cybersecurity; having a tech-savvy IT staff member is not enough to protect your business from a ransomware attack.
The ransomware study found:
- The cost of downtime from a ransomware attack is close to 25% higher than the cost of the ransom payment being demanded.
- The cost of downtime attributed to a ransomware attack is up more than 200% over last year.
- The money you invest in a BCDR specialist, one who is solely focused on keeping your business safe, is well worth it. Even if you can’t afford to hire a 24/7 IT staff, you can’t afford NOT to hire a BCDR specialist.
I run an IT & Cyber Security Consultancy focusing on Business Continuity and Disaster Recovery (BCDR). We work with professionals in many fields including legal and medical.
If you have security, business continuity and cybersecurity questions, let me know. I am also filling up my calendar with guests on my Security Disciple Podcast. If you’d like to be a guest, please DM me @waregeeks, call (877) 653-7146, or email me at firstname.lastname@example.org. www.waregeeks.com