How to Protect Your Business from Ransomware

1.

Run the latest versions of the technology you’re using

Ransomware attackers are actively exploiting software vulnerabilities and upgrading their exploit kits which means businesses need to be one step ahead by keeping their technology and software updated. Technology companies are constantly optimising and patching their systems and software to make them more secure against current and upcoming cyber threats. One method businesses are encouraged to use is Multi-Factor Authentication, which provides an essential layer of protection to the sign in process when accessing accounts or apps. So, make sure you’re keeping up with Ransomware attacks by installing the latest updates and upgrading your hardware before it becomes outdated.

2.

Make users aware of the issues

Security awareness training is critical as a first line of defense against today’s Ransomware attacks. According to a government report, phishing and credential harvesting are the main threats NZ business are facing, making up 46% of all incident reports in Q1 of 2021. These attacks can take a huge toll on your organisation, resulting in significant monetary loss. For this reason, it’s crucial to teach your employees what to look out for so that they don’t click or respond to suspicious activity. For this training to be effective, it needs to go beyond one-off training. For example, our team provide security awareness training to not only teach employees, but to track how they’re doing after the training and correct any users who continue to make mistakes. It is an automated, fun approach with contextual training and a phishing, reporting and triage option built in.

3.

Maintain live backups for quick recovery

Sometimes your first lines of defense don’t work, which means you also need to be prepared in case a Ransomware attack gets through. This is where backing up your data comes in. By having a reliable data and backup plan in place, ideally on an off-site network, so you can recover lost data to avoid costly data loss. This goes beyond Ransomware attacks, to cover loss due to other types of cyber attacks or from hardware failure.

4.

Endpoint security

Whether your employees are working from the office, home, or a café, it’s important to have endpoint security measures in place. Endpoint Detection and Response (EDR) is a behavioural based security solution that combines real-time monitoring with rules-based automated responses to protect your devices from suspicious activity 24/7. For example, if unusual scripts are running at 3am at night, EDR will recognise this as abnormal activity and respond, putting a stop to it. This is significantly more effective than the traditional anti-virus or anti-malware approach and increases detection of zero day attacks, as traditional anti-virus approaches can often take up to 1 to 2 weeks to identify and understand a new threat.

5.

Comprehensive cyber security plan

In a 2021 report by HBR, the number of Ransomware attacks on businesses was up 150% and the ransom amount has risen by 300% from the previous year. And it’s showing no signs of slowing down. Many businesses make the mistake of thinking it won’t happen to them, but when you consider New Zealand businesses reported a direct financial loss of $3 million in Q1 of 2021, it’s not worth the risk. Implementing a comprehensive cyber security plan will help make sure your business doesn’t have to deal with financial and reputation damage of a successful Ransomware attack. We always recommend that our customers take a layered approach that's tailored to their infrastructure, including managed firewall, email and, internet protection, security information and event management.