If ransomware isn't already one of your security priorities for 2017, it's time to put it on the list.
As its name implies, ransomware is particularly insidious for a couple of reasons. First, and somewhat ironically, it uses encryption, which is generally considered a security-enhancing technology, to deny victims access to their own files. Second, attackers then demand a payment, or ransom, to restore access.
Provided they even hold up their part of the bargain, that is.
"Ransomware often infiltrates a PC as a computer worm or Trojan horse that takes advantage of open security vulnerabilities," states this Webopedia entry. "Most ransomware attacks are the result of clicking on an infected email attachment or visiting hacked or malicious websites."
The FBI estimates that in all of 2015, ransomware victims lost $24 million. The following year, victims were on the hook for $209 million, and that was just during the first quarter.
MonsterCloud, a managed security services provider, recently surveyed 284 companies in the U.S. to determine how organizations of various sizes are responding to this threat. The news is not good.
While all large businesses have taken steps to combat ransomware and most midsized businesses (91 percent) have done the same, only 15 percent of small businesses have secured their email, data and backups as a precaution. Only 1 percent of small businesses polled by the company said they fell victim to ransomware, but considering that the U.S. is home to 28.2 million small businesses, hundreds of thousands of them are at risk.
Fortunately, when it comes to combating ransomware, small business owners don't have to go it alone.
Call in the Pros
"Companies need to ensure they have cybersecurity experts, in-house or outsourced, to assist in building readiness programs, monitoring for threats, and mitigating attacks if they happen," advised Zohar Pinhasi, CEO of MonsterCloud. "These are specialized skills, and technology-oriented defenses alone are not enough. People are central to protecting their infrastructure."
In the meantime, there are plenty of other steps small businesses can take to prevent ransomware from taking a chunk out of their budgets. First and foremost, back up your data.
Backups are a tried-and-true way of retrieving lost data when things go wrong. Users who back up regularly can avert disaster when ransomware strikes by restoring their data from a recent backup after they have cleared their systems of any and all malware. It's an inconvenience, and it can incur quite a bit of downtime, but restoring your systems from clean backups beats the alternative.
Don't tempt fate. Adopt stringent backup policies that can help you get back on your feet if ransomware or any number of other mishaps befall your small business.
Strengthen Your Defenses
MonsterCloud also recommends the use of strong passwords that make it difficult for remote criminals to brute-force their way into your systems and accounts. Relatedly, place strict limits on remote services, and disable unused file shares and inactive users to reduce your overall attack surface.
A good firewall and intrusion detection system are worthwhile investments and can stop suspicious network traffic in its tracks. Keeping your operating systems, antivirus, browsers, plug-ins and other software patched and up to date prevents attackers from exploiting known vulnerabilities.
Rank-and-file employees can also help in the fight against ransomware. In fact, they are often the first line of defense.
If unsolicited or suspicious attachments cross your workers' inboxes, teach them to avoid opening the attachments and to delete the emails. Likewise, don't trust every link you encounter. "Think twice before clicking," Pinhasi warned.