Who hasn't heard of 'ransomware'? It seems everywhere you turn it is in the news. It has impacted everything from the meat-packing industry, to oil & gas pipelines, to the local City Hall and Water Departments, and numerous other businesses. In fact, it has impacted so many businesses that a large number of them may very well be right in your own community without you even being aware of it.
You see, ransomware attackers are not just interested in 'big business'; they are interested in any computers they can 'ransom'. If they can gain access to the local area network of a small business and lock that business out of its computers, they suspect that a lot of those businesses are willing to pay a 'reasonable ransom' in order to regain access to their computer data. They count on the fact that many of those businesses don't have 'cyber-disaster' response plans which include current 'safe' backups stored where the attacker can't lock them up as well.
But now even small businesses are starting to ask how to prevent ransomware attacks and how to respond should they be 'hit' by ransomware.
Ransomware attack defense comes down to the same types of prevention that apply to any cyber attack; it just mandates perhaps a stronger set of defense layers than before because the threat is both more extensive and more exhaustive. This means you must deploy multiple layers of cyber security for adequate protection.
Since the number one access point of ransomware is email, your first defense must be to deploy email protections designed to protect email credentials and defend against 'phishing'. The weakest link in the system is your own personnel, who inadvertently give out their credentials to someone they shouldn't, or who unknowingly click on an email link they shouldn't click (many times in response to a solicitation for information that looks official). This means you must constantly 'train' and 're-train' your personnel in proper and safe cyber-related email procedures, as well as 'safe cyber surfing.'
Your second defense must be to protect your applications and the access you allow to your applications. Strong password security isn't enough these days; you really need multi-factor authentication. As I mentioned in the above paragraph, employees far too often share passwords to log in not only to 'the network', but also to their computers and to applications. All of this totally defeats the purpose of security designed to identify 'who' is doing what, but more importantly it opens up your network, hardware and applications to exposure, because chances are if a password is shared between users, it is written down somewhere for somebody else to see and make use of. Once that happens you might as well 'kick cyber security out the door.'
The third defense against ransomware is something my good buddy Mario Nowogrodzki used to teach when he did the QuickBooks Desktop tech courses at Scaling New Heights... I am talking about "Backup, Backup, Backup"... I even stole his slide so I could teach the importance of Backup when I taught my Cyber Security class. You must have a comprehensive backup strategy with a secure backup solution that protects your data both on-premises and via the cloud... but your on-premises solution needs to be 'so secure' that it cannot be accessed by routine methods on your network, to prevent ransomware actors from simply locking it up as well.
This means that you must have a means of protecting the backup administration console from ransomware attack, along with the backup storage system itself. You must have a backup solution that prevents the attacker from locking, modifying or deleting your backup data, and you must have multiple copies of your backup, including a local and a cloud-based copy. But you must have full assurance of those copies such that if you attempt to restore your data, you will in fact be successful. I have seen far too many people attempt to restore a backup only to find out that the backup was corrupted and could not be restored.
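One way to get that assurance is to check every backup copy against a list of file hashes recorded when the backup was made. The script below is an added example, not something from the original post or from any backup product; the file names are constructed, two plain folders stand in for the local and cloud copies, and it assumes the hash list is kept somewhere the backed-up network cannot overwrite.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backup archives do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Record relative path -> SHA-256 for every file at backup time."""
    return {p.relative_to(root).as_posix(): sha256_file(p) for p in root.rglob("*") if p.is_file()}


def verify_copy(manifest: dict, copy_root: Path) -> dict:
    """Compare one backup copy against the manifest kept apart from the backups."""
    found = build_manifest(copy_root)
    return {
        "missing": sorted(set(manifest) - set(found)),
        "modified": sorted(k for k in manifest if k in found and found[k] != manifest[k]),
        "unexpected": sorted(set(found) - set(manifest)),
    }


def demo() -> dict:
    """Constructed sample: one source tree, a 'local' and a 'cloud' copy (plain folders)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "source"
        (src / "books").mkdir(parents=True)
        (src / "books" / "ledger.dat").write_bytes(b"constructed ledger data")
        (src / "payroll.csv").write_bytes(b"name,amount\nexample,100\n")
        manifest = build_manifest(src)
        local, cloud = src.parent / "local", src.parent / "cloud"
        shutil.copytree(src, local)
        shutil.copytree(src, cloud)
        # Simulate damage to the local copy only: one file overwritten, one renamed.
        (local / "books" / "ledger.dat").write_bytes(b"\x00" * 23)
        (local / "payroll.csv").rename(local / "payroll.csv.locked")
        return {"local": verify_copy(manifest, local), "cloud": verify_copy(manifest, cloud)}


if __name__ == "__main__":
    print(demo())
```

A clean report only shows that the copy still matches what was backed up; it does not replace a periodic test restore, which is the only proof that the backup was restorable in the first place.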
If you are looking for sound protection then you need an IT expert who is in fact 'expert' in cyber security protection, including backup protection. And don't think that 'cyber insurance' is your backup either... while it is important to have cyber insurance to help you cover the cost of 'down time' and the employment of an expert to help you get back up and running, don't let your cyber-insurance agency convince you that you should just "pay the ransom" to get your data back (as the cheap way out). All too often you will find that you are either 'hit again' within a few days by the exact same ransomware attack hoping to get another payment, or the first attackers take your money and then demand even more ransom before they give you your data, or give you your data 'in pieces' as you keep paying them more and more.
Remember:
- Protect your Email - including training personnel against the hazards of email-based cyber threats;
- Establish strong protections for access to your network, computers and applications and enforce them; and
- "Backup, Backup, Backup" (but keep them safe and secure, on-site and off, current and accurate).