Posted on

Steps To Respond To a Ransomware Attack

steps after a ransomware attack

Cybersecurity is an important topic for any business now. In the last 12 months, 32% of businesses experienced some sort of cyber attack or data breach. That means that every third business had to deal with a cyber-attack, according to the Cyber Security Breaches Survey 2019 by the UK Department for Digital, Culture, Media, and Sport. It goes without saying that every business should prepare for a ransomware attack and other types of cyber-attacks.

Keeping your assets secure against cyberthreats needs much more than installing firewalls and anti-virus software. Today’s cyber threats are sophisticated and use every possible loophole in your security settings to get access.While there are different types of attacks, ransomware is one of the most malicious attacks businesses have to deal with. 

What’s a Ransomware Attack? 

Ransomware is a type of attack where malicious software (malware) takes over a computer or whole systems and denies any type of access until you pay a ransom. The ransom demand usually requires payment in cryptocurrency like Bitcoin, as it’s impossible to trace it. 

It is one of the most dangerous types of attacks, as it can stop a business dead in its tracks. In case the ransom is not paid, all data will be deleted from the system. 

This is bad enough if it happens to an individual. Imagine this happening to your company – you will lose all business and operational data, and you’ll have to start all over again. Some businesses never recover.

Preparing for a Ransomware Attack

The bad news with ransomware attacks? It can happen to anyone, and once it does, there’s not much you can do. 

But you can prepare for it. Here’s how: 

Data backup should be your number one priority.

It can save you thousands and millions, but it has to be done right by protecting your data storage properly. Ransomware attacks are carefully executed and attackers will often have access to your systems for months before they attack. 

Why? Because they want to make sure they hijack everything, including any possible backups you might have. 

This is why you should keep backups on another location. It would be best to have backups in the cloud but also have at least one backup offline – completely disconnected from any network – as even cloud backups can sometimes be affected.  

Make sure IT keeps all systems and software up to date.

Although updates are often a hassle, they exist for a reason. Most updates are released to take care of security vulnerabilities. When software and operating systems are not updated, you are basically inviting hackers to access your systems. Your IT department should ensure every device is up to date. 

Start implementing user restrictions.

Not all of your employees need access to all your data. Ask your IT provider to implement user restrictions so that your employees have access only to data they need. In case they need more, they can request special and temporary access that is revoked as soon as they don’t need it anymore. This way, in case their accounts are compromised, the breach will be limited. 

Invest in monitoring software. 

You can get powerful software solutions that can monitor your whole systems for suspicious activity. This goes beyond the regular antivirus monitoring – it can monitor what users are doing, what data they are accessing, and alert you in case something is out of the ordinary. 

Don’t forget about employee training.

No matter what type of security software and solutions you utilise, if your employees are not aware of best practices on cybersecurity, you’re always just one bad click away from a ransomware attack. Make sure your employees know how to spot suspicious email, and know that they should never click on the links in such emails or download attachments.  

Work on your BYOD policies.

Many businesses, especially small- and medium-sized ones, often allow employees to bring their own devices (BYOD) to work. Without a good policy in place, however, this becomes a security issue. 

If an employee brings an infected device and connects it to the same network, you’re looking at a possible spread of infection – and ransomware – to all other devices and the whole system. Because of this, any device connecting to your system should be up to date, have antivirus software, and be cleared by the IT department regularly. This goes for smartphones too.

First Steps After a Ransomware Attack 

1. Take a photo of the note

This will help the IT determine what type of ransomware you’re dealing with. 

2. Determine the extent of the attack 

Your IT provider should be able to determine whether the ransomware has infected a single device, or if the infection is spreading through your network.

3. Isolate infected devices and disable sharing

All infected devices should be removed from the network to stop the spread. Any type of sharing that’s active should be shut off immediately. 

4. Notify employees

Send an email to all employees so that they can report whether their devices are working. Those who can work can continue, but those affected can help in other areas while IT deals with the issue. 

5. Let IT remove ransomware from infected devices 

IT should scrub the devices that were infected completely. Sometimes, a local backup on the device can solve the issue, but oftentimes, even that will be unavailable. 

6. Restore data from backups

Once you reinstall the operating systems, your IT can restore data on affected devices from a cloud or offline backup.

To Pay or Not to Pay? 

If you’re not prepared and have no backups, you might be tempted to pay. Take this year’s ransomware attack on the City of Baltimore’s government. Their systems were infected by ransomware that stopped numerous important systems: ATMs, airports, even hospitals. 

The attackers demanded the city pays about $76,000 in Bitcoin. The city refused to pay, only to realise many of their systems weren’t backed up. They lost huge amounts of data, and the attack ended up costing them $18 million

It seems that in the case of Baltimore, it would have been much better if they simply paid the ransom. Well, not really. 

Why? 

You’re dealing with criminals. Even if the city paid the ransom, there’s no guarantee that they would have gotten the access back. If they did, they would have become a prime target for future attacks too, since they paid the ransom already. This is why it’s so important to prepare – it will minimise damages.

Conclusion

Everyone’s at risk of a ransomware attack. Preventing it is next to impossible, but preparing for it is more than possible. Your IT provider should back up your data regularly, and you should make sure your employees know how to spot suspicious phishing attacks. When you prepare for a ransomware attack properly, you can minimise the impact of such an attack and save you from monetary and reputation damage. 

Posted on

The Importance of Cybersecurity for Businesses in 2019

feature image for the importance of cybersecurity in businesses in 2019 post

Cybersecurity is a vital part of every business that deals with any type of sensitive data. With online threats becoming more diverse every day, and the increasing regulations like GDPR. It is imperative that businesses stay on top of the latest cybersecurity developments for 2019.

Here are the most important things to consider when looking for ways to improve cybersecurity for businesses:

Hacking Is an Industry Now

Hacking has become a lucrative industry, with certain types of data being more valuable than others. Medical records, for example, are worth ten times more on average than credit card details.

Because there is so much money involved in hacking, it is not surprising that hackers are launching highly sophisticated attacks that are hard to detect and can be disruptive not only to normal business operations, but also to wider government-operated systems, like power grids for example. As such, hacking threats should be taken seriously, because a data breach can easily bring your business to a halt or end it altogether.

It’s Harder to Detect Breaches

Ponemon’s 2018 Cost of Data Breach Study states that it takes 197 days on average to detect a breach. After that, it takes another 69 days on average to contain a breach. This is a very long time for a breach to go undetected, costing businesses millions. For smaller companies, such a devastating breach could mean the end of their operations. Larger companies have an easier time to recover, but it still takes months or years.

A breach doesn’t just cause loss of revenue, but also reputation, customers, and missed opportunities, as well as any damages that have to be paid after the breach.

Third-Party Apps and Vendors Are Common Vectors of Attack

With cloud computing being the new norm, it can be hard to confine sensitive data within an isolated data centre in your office. The majority of data today is stored in the cloud, with many businesses sharing data no only internally, but also to external third-party vendors or applications.

If these apps or vendors do not take adequate security precautions resulting in a data breach, the business can still be held accountable for the loss of sensitive data. Make sure then to check all third-party vendors your business deals with.

Data Protection Is More Important than Ever

Businesses who don’t invest in cybersecurity should be held accountable. It doesn’t really matter whether it was just an oversight or due to negligence – if the someone steals valuable data, there should be serious consequences.

Lawmakers are becoming aware that cybersecurity is an important aspect that needs to be regulated seriously. We are already seeing the adoption of stricter laws and regulations – the General Data Protection Regulation (GDPR) is just one of them.

Not only do such laws and regulations force businesses to improve their security, but they also help protect users against predatory practices like selling data to third parties without the user’s explicit consent.

Any business who is serious about what they do should have transparent data collection and usage policies. They should have adequate security and encryption for their data.

AI Helps Companies Protect Against Attacks

Advancements in AI and machine learning have made predictive analytics an ally against cyber attacks. Businesses have more overview of their real-time security than ever before. And predictive analysis helps them promptly detect anomalies in their operations. This is especially beneficial for the financial sector such as banks, and other businesses will reap the benefits as well.

As a business owner, you should be aware of the cyber threats lurking about. Know also that no target is too small for hackers. Make sure to update all your software regularly and educate your employees. Ensure that any third-party vendors or applications you deal with are taking cybersecurity seriously too.