Now that you know what ransomware is and how it works, we want to talk about how to prepare for it.
Ransomware attacks are on the rise
No one can afford to ignore the threat of ransomware. According to the 2022 SonicWall Cyber Threat Report, there were 623 million ransomware attacks worldwide with damages estimated around $20 billion last year. Granted, tracking actual numbers is impossible because not all attacks are reported, so we have to rely on estimates. In 2022, global attacks have increased 105% from 2021 and 232% since 2019. In the US, attacks increased 98% over the last year. Currently, there is an estimated attack every 11 seconds, and approximately 10% of the US population has fallen victim. And don’t think small businesses are safe; they are heavily targeted by threat actors. With statistics like these, it is vital to create a plan for how to respond if (or when) you are attacked.
Understand how secure you are now
Before you can improve, you need to know the state of your current cyber security. Threats change year-to-year, so it’s important to get the right security solution in place. More isn’t necessarily better and what worked five years ago may be ineffective today. While everyone wants to increase security overall, taking a layered approach where adding X increases protection against Y threat is most effective. In most cases, business owners may understand how their network works, but simply can’t stay abreast of the entire landscape of risks, threats, vulnerabilities, etc. To truly understand your current situation, we recommend getting a security assessment to determine your Point A so you can then create a plan to make necessary improvements and get to Point B.
Three important steps to get started
- Data Backup: If you don’t already have offline (and offsite) data backups, start now. Because the backup is disconnected from your system, you can still access and use it to get back in business should your system be attacked. It will protect you from data loss and minimize downtime as well. Make sure all of your organization’s data is included in this backup; ideally, it should be encrypted and unalterable. Once you have your backup in place, regularly test the system to make sure it is working properly and can be used to restore your operations. In the end, no one cares about backups, but everyone cares about data restoration.
- Multi-factor Authentication (MFA): Many attacks come through email, so securing your email system is critical. An easy and very effective way to keep attacks from doing damage is to implement multi-factor authentication on your email system. We’ve all seen versions of this, but MFA generally shows up as a text message sent after you’ve typed in your password. Many email systems can be set to “trust” a computer for a period of time (usually 90 days) before another MFA token is requested. This minimizes the disruption to you or your staff.
- Incident response team: All businesses should also create, regularly update, and practice an incident response plan that includes instructions on how to respond to a ransomware incident while maintaining as much business continuity as possible. This plan should include a tiered communications plan that details notification procedures for company leaders, customers, key stakeholders and the public when an attack occurs. The plan should be clearly written, with the person(s) responsible identified for each step. Keep it in a location outside of your main network, and also print it and store the hard copy in a place where all responsible parties can easily access it. Additionally, you should conduct test runs so everyone is clear on what to do and managers can get acquainted with the steps and process before they are in the midst of an attack.
It is critical to understand the risks involved, identify areas for improvement, create a plan of response, and run test scenarios so everyone can jump immediately into action if your business is attacked. Our next post talks about ways to prevent and mitigate ransomware.