Five Tips to Deflect a Ransomware Attack
Updated: Sept., 2023
Type “Ransomware” into your search bar any day, any time, any week, and you will find top stories—posted within the day—about the most recent ransomware attack in the U.S. or globally.
Ransomware is malicious software designed to lock computers or data storage until a ransom is paid—with an extra emphasis on malicious. The cyber-criminals who write the code for these attacks mean business, to the tune of millions of dollars lost annually.
Since the COVID-19 pandemic, ransomware attacks have been at an all-time high, disproportionately affecting small to medium-sized businesses, which have smaller cybersecurity budgets than large enterprises.
We’ve gathered five tips that could help deflect a ransomware attack on your small to medium-sized business.
Tip #1. Create a human firewall
Humans are the weakest link in any network. All staff, including IT and security administrators, should receive cybersecurity training at least annually.
Mandating good password hygiene, running simulated phishing exercises, instituting multi-factor authentication across your entire organization, and keeping employees informed of the risks of poor security habits are essential to keeping SMBs ransomware-free.
According to recent industry research, human error is the root cause of over 80% of all security breaches. Why? Increased use of social media at work is one good reason. Who hasn’t logged onto Facebook or Instagram at the office? But have you ever considered how you might have made work data vulnerable by doing so? It’s easy for staff to misjudge the risks and inadvertently cause a security breach.
This is completely understandable, since cybersecurity probably isn’t high on the list of fun or easy free-time reading.
General negligence and a lack of security expertise with websites and applications can also mean a breach is imminent for many businesses. Hackers have become so good at feigning legitimacy that it can take an expert to spot a fake. Failure of internal IT staff to follow security procedures and policies is also, unfortunately, a reason many businesses fall victim to ransomware.
The tough job market for qualified and experienced IT personnel in many regions has forced businesses to employ IT staff who lack a high level of cybersecurity readiness, which has made MSPs one of the most popular targets of ransomware attacks. SMBs must embrace security, and the leaders of these organizations need to present security as a culture of essential compliance.
Tip #2. Use advanced email protection
According to cybersecurity research firm the Cleartech Group, over 94% of malware is delivered by email.
This makes implementing a strong email protection system the single most impactful technical decision an SMB can make. To get the most out of your email protection service, choose one with AI-based filtering, link rewriting and file/link detonation (or email sandboxing). These are the latest generation of email security features, and they should augment your training efforts well.
Tip #3. Implement a backup and recovery plan and test it at least annually
Hackers are extremely adept at altering their attack methods to get around antimalware controls. It isn’t really a question of if your business will be attacked; it’s when (and it’s already happened).
And just like in the movies where the person being held for ransom is dead before the ransom ever gets paid, hackers may or may not decrypt your data even after you’ve paid. According to the Sophos State of Ransomware Report, over 90% of companies that pay a ransom to hackers never get their data back.
That means it’s essential that SMBs have a reliable backup of that data and that they know how to use those backups to restore operations at their business as quickly as possible after an attack.
Many businesses in our area don’t have an internal IT team to manage that difficult process, which means the most effective way to do this is to leverage the expertise of an IT services provider. The technicians at a managed IT service provider, for example, can create a strategic and reproducible recovery plan to reduce the stress and downtime of an actual ransomware event.
Tip #4. Don’t use administrative accounts
At least don’t use them for day-to-day operations. Any user who needs an administrative level account should have a separate account for normal day-to-day functions.
Typically, standard user accounts can’t install software or access critical file systems. This means malware installed under a standard account can’t make damaging changes to major files or the network in its entirety.
Users should make it standard practice to only use the administrative account when requested to elevate permissions. Since admin accounts have absolute permission to do things on a machine and network, the security risks that ride along with admin accounts are too high to use liberally.
Tip #5. Secure system administration tools
Don’t give everyone access to everything. Access controls like file, directory and network share permissions should be configured with “least privilege” in mind. No user should be assigned administrative access unless necessary, regardless of title.
Few (if any) network users need access to all network resources such as file shares. Providing access due to title alone can create an unnecessarily large attack surface. These users are typically the highest-profile people in the company, which makes them most likely to be the targets of an attack.
In-house IT staff or your outsourced cybersecurity partner should monitor sensitive systems and networks for unauthorized access. They should also patch and update operating systems, software and other applications as updates become available, so hackers can’t exploit security gaps.
Now is the Time to Get Serious About Ransomware
The threat of ransomware has remained very high since the COVID-19 pandemic, with 73% of businesses reporting that they were hit by at least one ransomware attack in 2022, and 38% saying they’d been struck multiple times.
If your business lacks confidence when it comes to facing ransomware and other malware threats, we hope you’ll reach out to the experts at Astute Technology Management to help protect your business’s staff and network.
We’ve been serving Columbus and Cincinnati, Ohio since 1998, providing reliable cybersecurity consulting and services to businesses of all types. Contact us at 614 389 4102.