Surviving Ransomware: Protecting Your Business Before and During an Attack
Not long ago, it seemed like only big corporations and organizations fell victim to ransomware attacks. Today, just about any business of any size can be targeted—and the results can be devastating, ranging from economic setbacks to brand degradation.
How can you protect your enterprise from the threat of ransomware, and what can you do if the worst happens? We look at preventing ransomware attacks and what to do should the unthinkable happen.
Why It Happens…And Happens
Compared to traditional theft, ransomware is easy. There are no locks to pick or guards to avoid. The attacker needs only a computer and a list of potential targets to trick into clicking an email link or opening an attachment. We know what happens next, and victim surveys consistently show that an organization hit once is likely to be targeted again, not least because a successful attack tells the criminals that the defenses were weak.
The Best Attack Is No Attack
Stopping a ransomware attack before it starts begins with phishing awareness training for all employees with a company email account. These people are your first line of defense, and teaching them how to identify, avoid and report phishing emails will make them more challenging targets. A comprehensive training program ensures everyone gets smarter because you're only as strong as your weakest link.
Where to Turn for Help
You can bone up on phishing awareness and train your employees yourself, but do you have time for this? Firms like KnowBe4, Ninjio, and Mimecast all offer solutions. Some also provide phishing simulations you can run yourself that test and report which employees click, so you know where the risk sits. A web search for phishing awareness training provides a host of options.
In an ideal world, every business would have a Chief Information Security Officer to implement and oversee the training and awareness program that helps it avoid ransomware disasters. However, adding a senior hire is expensive, which is why many small to mid-sized businesses assign this role to IT.
Training Isn't Foolproof
Even a highly trained workforce can fall victim to a savvy social engineer intent on carrying out a ransomware attack on your company. Phishing emails can be highly sophisticated, tricking even high-level employees into opening the attachment or link that installs the ransomware. Among the most effective phishing tactics is an "appeal to ego" that lures executives with an offer of a bogus online profile.
So, What if Someone Clicks?
If anyone clicks (even an executive) and triggers a ransomware attack, the key is to keep calm but act quickly. Disconnect the affected machine from the network first (pull the cable or disable Wi-Fi) and power it off only if you cannot disconnect it, because the network is how the infection spreads and the machine's memory may hold evidence responders need. Alert IT immediately so they can take steps to stop the rest of the network from being paralyzed. Even then, it may be too late, but the takeaway is never to assume the problem will go away or take care of itself.
Denying the Ransom Request
Wouldn't it be great to tell the attackers to bug off? You can if you've done your homework and prepared ahead of time. Ransomware only works if you need the data that's been encrypted and are willing to pay to get it back. If your data is already backed up on a system the attacker could not reach, you can refuse the demand, restore, and go about your business. Two conditions matter. The backup must be offline or otherwise unwritable from the compromised network, because attackers routinely look for reachable backups and encrypt or delete them before the ransom note appears. And you must have tested that a restore actually works; a backup that has never been restored is a hope, not a plan.
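One practical check for the conditions above, added here as an example and not part of the original article: a small Python script that backs up a constructed set of files together with a SHA-256 manifest, then simulates ransomware overwriting a production file and deleting a file from a backup share the attacker could reach, and shows that verifying against the manifest catches both. The file names, directory layout and contents are all constructed for the demonstration.

```python
"""Verify that a backup is still intact before relying on it to refuse a ransom.

Added example (not from the original article). Everything below runs in a
temporary directory on constructed sample files.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(src: Path, dst: Path) -> dict:
    """Copy every file under src to dst and return a {relpath: sha256} manifest.

    The manifest is also written next to the copies for convenience, but the
    authoritative copy should live somewhere the backup host cannot overwrite
    (write-once storage), otherwise an attacker with write access to the
    backup share can simply regenerate it after tampering.
    """
    manifest = {}
    for p in sorted(src.rglob("*")):
        if p.is_file():
            rel = p.relative_to(src).as_posix()
            target = dst / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)
            manifest[rel] = sha256_file(target)
    (dst / "MANIFEST.json").write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify(root: Path, manifest: dict) -> dict:
    """Return {relpath: 'ok' | 'modified' | 'missing'} for every manifest entry."""
    results = {}
    for rel, digest in manifest.items():
        p = root / rel
        if not p.exists():
            results[rel] = "missing"
        elif sha256_file(p) != digest:
            results[rel] = "modified"
        else:
            results[rel] = "ok"
    return results


def demo() -> dict:
    """Run the whole scenario and return the verification results for both trees."""
    with tempfile.TemporaryDirectory() as tmp:
        prod = Path(tmp) / "prod"
        backup = Path(tmp) / "backup"
        prod.mkdir()
        backup.mkdir()

        # Constructed sample data standing in for business records.
        (prod / "accounts.csv").write_text("id,name\n1,alice\n2,bob\n")
        (prod / "notes").mkdir()
        (prod / "notes" / "q3.txt").write_text("quarterly notes\n")

        manifest = make_backup(prod, backup)

        # Simulate ransomware: a production file is overwritten with ciphertext.
        (prod / "accounts.csv").write_bytes(b"\x00\xffENCRYPTED")
        # Simulate an attacker who also reached the backup share and deleted a file.
        (backup / "notes" / "q3.txt").unlink()

        return {
            "production": verify(prod, manifest),
            "backup": verify(backup, manifest),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run on a real backup, the `verify` step belongs in the regular backup job, and a result other than `ok` for every entry should page someone: a backup share that the production network can write to is exactly the kind that turns up partly deleted when you need it.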
Downsides to Denying the Ransom Request
Your data is your business's livelihood, so there's always some risk involved when attackers target it. Backups address the encryption, not the theft: many ransomware operators copy data before encrypting it and threaten to publish it if you don't pay. So even if you are in a position to refuse the ransom, you may still face the unenviable task of notifying customers and vendors that their account numbers may have been compromised and offering remedies such as free credit monitoring. Your reputation as a business may also need some buffing up.
If You're Not In A Position to Deny the Ransom Demand
If you need your data and there's no way around the fact that you'll have to pay, you may be able to negotiate a smaller ransom amount. While it may feel unsavory working with your tormentors, it has been known to work, and at this point you've got little to lose by asking. Bear in mind that paying does not guarantee a working decryptor or that stolen data is actually deleted, and that payments to sanctioned groups can carry legal consequences, so involve legal counsel and law enforcement before any money moves.
The Best Solution
A comprehensive ransomware prevention and mitigation strategy takes a two-pronged approach. One prong is the human side of the equation, which requires training and awareness. The other is the technical side: regular, tested, offline backups; prompt security updates; multi-factor authentication; least-privilege access so that one compromised account cannot reach everything; and endpoint monitoring so that an infection is noticed while it is still one machine rather than the whole network.