Protecting Your Business from Ransomware

Ransomware is one of the biggest threats facing businesses today.  Twenty years ago, it was easy to dismiss computer viruses as the work of small-time cyber vandals, but no more.  Malware is big business, with cyber criminals raking in millions of dollars a year.

So what is ransomware, and what can you do to protect your business?

What is ransomware?

Ransomware is a new type of malware which does not destroy your data, but locks it away with strong encryption.  The criminal groups then require you to pay a ransom in order to get the key to unlock your own data.  Criminals have realized that your data has more value to you than it does to them, and they are raking in millions of dollars selling businesses access to their own data.

But I have anti-virus.  Isn’t that enough?

A high-quality anti-virus is a necessary layer of security, but it’s only that: one layer.  Unfortunately, ransomware writers are very smart and highly motivated.  They are involved in a constant cat-and-mouse game with anti-virus manufacturers, and have proven quite adept at finding new ways to compromise computers.

According to security researchers at SonicWall, ransomware attacks were up an astonishing 229% from 2017 to 2018 alone.  What’s in store for 2019?  No one can say for sure, but your business needs  to have a plan.  To evaluate your current defenses, consider these basic requirements: 

  1. Business-Grade Anti-Virus:  If you are running a business, don’t rely on free antivirus solutions (many do not actually allow business use at the free level anyway).  Invest in a high quality system, preferably one which can be monitored by your IT consultant or someone in-house. Antivirus systems often provide the first warning of a compromise, so make sure someone is keeping an eye on alerts at all times.
  2. Keep Your Systems Up-to-Date: Ensure that you are always using the latest version of your web browsers, operating systems, and all other software.  Cyber-criminals always look for vulnerabilities in out of date software versions, and will exploit them if you give them the chance.
  3. A Written Computer Security Policy:  If you have employees, you need a computer use policy in writing.  Can employees use company equipment for personal use?  If so, what are the limits?  While it is reasonable to allow employees some personal use, business owners need to have clear policies on what this entails.  This not only protects you from liability, but can help keep your systems secure.  If you don’t have a written policy, speak to a lawyer or IT professional about getting one.
  4. Backups, Backups, Backups:  Nothing is foolproof.  Despite following the above steps, no one can guarantee that your systems will be 100% impenetrable.  If you do have the misfortune of experiencing a ransomware attack, backups are your last line of defense.  Beware that cybercriminals are aware of this, and many new viruses will actually attempt to encrypt your backups as well.  Work with your IT consulting professional to ensure that your backups are safe from such attacks.

These are just some basic steps that you can take to keep your data safe.  Nothing is guaranteed, but a little prevention goes a long way.  If you have any comments or would like to talk about how your business can keep your data protected, feel free to contact us any time.