Ransomware is a big problem that is getting bigger. Thousands of businesses worldwide and in South Africa have been hit this year. Remember when Garmin went down for five days? That was due to ransomware. Closer to home, City Power, Life Healthcare and Tracker have also been hit.
Small businesses are not immune. In fact, due to less robust cyber security, they’re more vulnerable to attack. A recent survey showed that 46% of all small businesses have been targeted and of those, almost three-quarters (73%) have actually paid a ransom to recover their data.
What is ransomware?
Ransomware is a type of malware that prevents people from using their computers and accessing their data until a ransom is paid to the attacker. Computers can be infected with ransomware through a variety of ways. Malware can be downloaded unwitting by users when they visit malicious or compromised websites. It can also arrive as a payload, either dropped or downloaded by other malware. Most often, ransomware is delivered via email. Once installed, ransomware either locks the computer, encrypts certain files with a password, or locks files like spreadsheets and documents.
Five ways to protect against ransomware
Have multi-layered email security
Email is commonly used by attackers to deliver ransomware so comprehensive email security is absolutely essential. Ideally, your email security should have content filtering capabilities and advanced threat protection (ATP) which prevents advanced undetectable malicious code attacks and ransomware.
Install robust endpoint protection
Conventional antivirus software just won’t cut it anymore. You need technology to protect against zero day attacks, including ransomware. Endpoint protection and response/remediate (EDR) is a must. Adopting a zero trust approach is even better. This approach requires all users to be authenticated, authorized before being granted access to applications. In this instance, only verified applications, processes and services will be allowed to run on the endpoint.
Do cyber security awareness training
Most of the time, breaches happen through behaviours that employees don’t even think about as risky. Browsing and downloading from unsafe websites, clicking on links or opening attachments in malicious emails, using unauthorised third party apps and responding to phishing scams on social media, in emails, via whatsapp and phone calls are all risky. Educate your staff about cyber threats like ransomware. With an effective security awareness training solution, you can reduce human error risks and transform your users into a solid first line of defense for identifying, avoiding and reporting sophisticated attacks.
Paying the ransom is never a guarantee that the data will be returned and experts agree that this isn’t the best remedy anyway. Backing-up data is therefore an important strategy against ransomware. Users can use a dedicated external hard drive for backups, plug it in, complete the data backup and then make sure to unplug the drive. A better strategy is using a cloud-based backup system. Back-ups can be scheduled, providing isolated copies of data in case a computer gets infected.
Have next generation firewalls
Have a next generation server-based firewall at the network perimeter. Each and every endpoint should also have its own firewall to protect it against threats that don’t originate from the internet, such as those spread via email or infected discs and USBs. A desktop firewall will also stop unsolicited outbound traffic from infected computers which could lead to infections and security breaches in other computers and external programmes.
Keep software updated
Security software is only as good as the last update. Keeping your security software and operating system updated will help protect your endpoints. When updates are done, you benefit from the latest security patches so it is more difficult for cybercriminals to exploit vulnerabilities. With threats always evolving, the security status of the network and every endpoint in the eco-system needs to be monitored constantly.
Preventing ransomware is the best cure. Talk to us to get the best protection against ransomware – and everything else!