Small Business Guide to Ransomware Security in 2020
Of all the forms of malware, ransomware is one that’s particularly dangerous for small businesses. Not only has this cyberthreat been on the rise, so much so that the FBI recently issued a warning about “high-impact” ransomware attacks, but it also zeros in on smaller companies.
Hackers have found ransomware to be particularly lucrative. They introduce the malware into a system (usually through a phishing email), it encrypts the user’s data, making it unreadable, and they demand a ransom to send a decryption key.
While the larger attacks, like those on municipalities and hospitals, tend to get the most media coverage, the fact is that small businesses are targeted in 71% of ransomware attacks.
That makes good cybersecurity practices and managed IT security particularly important. When businesses are lax about their tech security, it leaves them open to these costly attacks that can mean days of downtime and having to pay expensive ransoms.
A few recent examples of small businesses in Wisconsin falling victim to ransomware include:
- In October 2019, a Waukesha information technology consulting firm paid an undisclosed ransom after a ransomware attack hit multiple dental offices it served, blocking their access to things like patient X-rays and other data.
- In November 2019, several nursing homes lost their access to vital medical records when their systems went down from a Russian attack that hit Milwaukee-based Virtual Care Provider, Inc.
- An attack in 2016 on Wood Specialties Company in Menomonee Falls included a ransom demand of thousands of dollars to return access to their data.
According to the Better Business Bureau, there are nearly 4,000 cases of ransomware happening to people and businesses every day.
93% of phishing scams are connected to ransomware.
Ransomware is a big threat and getting bigger in 2020, but there are best practices that small businesses can follow to ensure their data and access to it are protected.
Steps for Good Cybersecurity to Combat Ransomware & More
Small businesses typically can’t afford to hire their own Chief Information Officer (CIO) on staff, and many aren’t sure what steps they need to take beyond using an antivirus to protect themselves in the event of a ransomware attack.
This guide for small business cybersecurity will help protect your company from ransomware and multiple other dangerous threats out there.
Backup Regularly & Verify Integrity
Having a backup of all your data is critical for combatting ransomware. If you are able to restore your data from a cloud backup, the attacker has no leverage over you to extort a ransom.
Make sure you regularly test backup systems to ensure they’re working properly (they can sometimes hit glitches or run out of space), and make sure they include a fast and efficient recovery mechanism.
Focus on User Training
Phishing is the main delivery method of ransomware and it’s targeted at your employees. It’s important to conduct ongoing training on ransomware awareness, including how it’s delivered and what to do if a questionable email is received.
Combining this with overall cybersecurity training, such as data privacy and handling policies, can help strengthen your overall data security.
Use a UTM Firewall with Web Protection
Some small businesses make the mistake of using a consumer-grade firewall product, either one that comes with their ISP or their router. But these aren’t generally strong enough for business networks.
UTM firewalls (UTM = Unified Threat Management) offer additional protections against multiple forms of malware and ransomware and include web protection, which means if a malicious link is accidentally clicked, the firewall will stop any unauthorized download of malware.
Employ Good Patch & Update Management
There are multiple parts of your technology infrastructure that need to be kept updated with security patches. These include:
- Computer operating systems
- Mobile device operating systems
- Software
- Firmware for devices like routers, printers, etc.
- IoT devices (smart security cameras, etc.)
It’s difficult for a small business to continually ensure all their systems are being updated regularly with those vital updates and patches, which is why it’s smart to sign up for a managed IT services plan that can handle all updates for you, as well as regular maintenance and monitoring of your devices.
Use the Policy of “Least Privilege”
When setting up privileges in software applications and cloud storage systems, small businesses commonly default to giving everyone administrative-level access “just in case they might need it.” But this is a dangerous practice because it means if anyone’s password is hacked, the hacker can have full run of your network.
Instead, give users the lowest access privilege they need to do their job. This can always be increased later if needed, but it’s safest to limit access using the least privilege policy.
Use Antivirus/Anti-Malware Programs to Protect Email
Phishing emails that deliver ransomware are getting more sophisticated all the time, and often their emails look identical to ones sent by companies like AT&T and UPS. Using an anti-malware program designed to protect your email can help backstop your users and quarantine suspicious-looking emails before they get to their inboxes.
Use Tactics Like Application Whitelisting
Application whitelisting is a security setting that only allows approved programs to run processes. This helps stop ransomware and new forms of malware that haven’t been catalogued yet (“zero-day”), because it locks out any process that isn’t previously approved to run.
This is becoming the norm in good cybersecurity practices due to the rise in zero-day ransomware and malware.
Get Help Securing Your Network from Quantum PC!
You don’t need to hire a CIO to have a strong IT security strategy in place. We offer affordable managed service plans (Quantum Care) that include things like managed anti-virus and patch management.
Contact us for a quote on a Quantum Care plan today. Call 920-256-1214 or reach us online.