Although small and medium businesses (SMBs) are more frequently becoming victims of cyber attacks, just 28% of SMBs polled in a recent study were actually concerned about ransomware. This must mean that small and medium businesses are taking security seriously, right? Wrong! That same study found that 85% of SMBs have reported at least one cyber attack.
With ransomware becoming big business for cyber criminals, SMBs need to consider what they can do to avoid becoming victims of a ransomware attack in the first place. Given the recent uptick in ransomware attacks, let’s discuss options for reducing that risk.
Use Multi-factor Authentication
Using only a username and password to log in is simply not secure anymore. Multi-factor authentication (MFA) adds a second, and sometimes a third, form of authentication. For example, you may log in with your username and password, and then need to enter a 6-digit number that is available via an app on your phone or a hardware token.
Ransomware attacks require a method for the attacker to initiate the ransomware on the target network. Today’s ransomware attacks involve an attacker gaining access to a network, stealing the data, and only then initiating the ransomware.
Using MFA on logins, especially for remote access and email systems, can make it more difficult for an attacker to gain a foothold.
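As an added illustration (not code from the original article), here is how a server can check the 6-digit code alongside the password, assuming the phone app implements the standard time-based one-time password scheme (TOTP, RFC 6238). The function names, the demo secret, and the drift and replay parameters are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code stays valid
DIGITS = 6   # length of the code shown by the app
# Constructed demo secret (the RFC 6238 test key); real secrets are random per user.
SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, at):
    """Code for Unix time `at`: HMAC-SHA1 over the 30-second step counter."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", int(at) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify_login(password_ok, secret_b32, submitted, at=None, drift=1, last_step=None):
    """Return the accepted time step, or None if the login must be refused.

    drift: steps of clock skew tolerated either side of now.
    last_step: last step already accepted for this user (blocks code replay).
    """
    if not password_ok:
        return None  # the code never substitutes for the password
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == DIGITS):
        return None
    current = int(time.time() if at is None else at) // STEP
    accepted = None
    for step in range(max(0, current - drift), current + drift + 1):
        if last_step is not None and step <= last_step:
            continue  # this code was already used once
        if hmac.compare_digest(totp(secret_b32, step * STEP), submitted):
            accepted = step
    return accepted


if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("code at t=59:", code)
    print("fresh login accepted at step:", verify_login(True, SECRET, code, at=59))
    print("same code replayed:", verify_login(True, SECRET, code, at=59, last_step=1))
    print("same code two minutes later:", verify_login(True, SECRET, code, at=179))
```

Storing the returned step per user and passing it back as `last_step` is what stops a code captured by a phishing page from being replayed within its validity window.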
Change passwords regularly and don’t reuse them
Passwords should be changed regularly. This creates a moving target for an attacker who may have found one of your passwords in a data breach somewhere, especially if you don’t reuse passwords.
Control the use of Removable Storage Devices
Removable storage devices, such as USB drives and external hard drives, are the perfect vehicle for transporting malware, including ransomware, which will replicate itself to external devices.
Controlling the use of these types of devices may involve something as simple as purchasing a standard USB drive and allowing only its use, or something as complex as a Data Loss Prevention (DLP) solution that prohibits actions. Many anti-virus solutions, like Bitdefender, also provide device security controls.
Make security awareness a priority
Clicking on a suspicious link, or entering credentials on a credential phishing site, could lead to the same results as above. There are many ways attackers can gain access to your company’s computer network, and they should all be discussed and tested as part of a continuous security awareness solution. Topics might include:
- Being aware of suspicious links
- Not opening attachments from unknown senders
- Secure password management using password managers
- Secure use of removable storage devices
Backups technically won’t help you lower the risk of being a victim of a ransomware attack, and you hope that you never have to use them, but having them might be critical to your recovery from a ransomware attack, and they should be taken at regular intervals. These backups should be stored offsite, onsite and in the cloud for the most protection.
No one is 100% safe from cyber attacks, but there are things that we can all do to help reduce the risk.