Ransomware attacks are not new, but they are becoming increasingly more popular against schools and SMBs.
Hackers infiltrate your architecture’s first layer of encryption through a phishing email. Once they’re in, they freeze your devices, and either steal or threaten to steal your data. If you don’t pay them a hefty ransom (hence “ransomware”), they will eliminate your data and/or publish it on the dark web.
This threat is why businesses cannot be too diligent about cybersecurity. Without it, they are open to attacks that can cost them numerous days of downtime – not to mention expensive ransom payments.
In 2019 alone, the Better Business Bureau reported nearly 4,000 cases per day of ransomware involving businesses.
Here are a few best practices for small businesses to help protect against ransomware threats.
Backup your data regularly.
If you can restore your data from a cloud backup, your attacker loses leverage.
Test your backup systems regularly.
Backup systems can run out of storage or glitch. Test them regularly, and verify the recovery mechanisms actually work.
Use good patch management
Your technology infrastructure incorporates many components, each of which have security patch updates regularly. Make sure you are maintaining all of these in a timely manner:
- Computer operating systems
- Mobile device operating systems
- Firmware for devices like routers, printers, etc.
- IoT devices (smart security cameras, etc.)
Employ application whitelisting
Whitelisting helps stop ransomware by stopping any process that isn’t approved (i.e., “whitelisted”).
Practice “Least Privilege”
Instead of giving everyone in the business administrative-level access in software applications and cloud storage systems, give all users the lowest access privilege they need to do their job.
Use a UTM Firewall with Web Protection
Unified Threat Management firewalls are more powerful than the consumer grade products that come with their ISP or router. They provide more protections against ransomware and malware. They also include web protection, which stops unauthorized download of malware.
Combining these practices with additional steps such as employee cybersecurity training and data handling policies can give you peace of mind as well as strengthen your overall security.
If you need help securing your network, Dice Communications can help evaluate your current IT strategy. We offer flexible and affordable managed services plans, as well as virtual CIO offerings that can help keep your business secure.