In this post I'll give you my top tips for protecting your company against Ransomware.
Ransomware is just another form of computer virus. In the past viruses did nasty things to your computer, like making them misbehave, or slowing them down, or even switching them off. The installation of anti-virus software has largely provided protection against most viruses, and has been quite effective.
However, if you leave your doors or windows unlocked, the chances are that one day someone will just walk in and steal your possessions. Your data is no exception. Leaving your computers unprotected means it's just a matter of time before your data is stolen.
It's not if you'll be a victim, it's when.
Today organisations both large and small are being "held to ransom" by unknown criminals intent on taking money in exchange for giving these organisations access to their own data. The threat is real, and growing rapidly. Hackers are finding new ways to bypass security.
Ransomware works by secretly gaining access to your data, and then encrypting it without you knowing. The only way to unencrypt it, is by paying money to the hackers for a unlock code. The ransom, could be a few hundred pounds, or even thousands. Without the unencryption code you will not get your data back, ever!
Even when you hand the money over, there is no guarantee that you will get your data back. It can often take days or weeks to fix the problems an attack has created. The cost of recover is not the only issue companies face, loss of reputation, and lack of customer trust can be even more damaging longer term.
One way of protecting yourself is exploring the use of cloud based systems, such as Office 365 from Microsoft, or Practice Management software from LEAP Legal. These systems are hosted in high security data centres, and don't rely on servers located on your own premises. They do all the work to protect your data.
If you do have on premises systems these are my top tips, and should go a long way to protecting your organisation against the threat of ransomware.
1. Train your employees to be aware of the risks, make them aware of Phishing Emails
Most security breaches are caused by human error. Ransomware relies on our natural sense of being inquisitive to lure someone into clicking a link that starts the attack.
2. Have good up to date Antivirus software.
While hackers are often one step ahead of the Antivirus suppliers, their software is often updated within hours of an attack being detected in other companies or countries. Install it, and update it often.
3. Always have good data backups, and test them often.
If you do get infected, then being able to restore your data from a good and recent backup, will mean you probably won't need to pay to get your data back.
4. Patch your systems.
Ransomware, like 'ordinary' viruses, relies on your systems being out of date and vulnerable to attack. Make sure your systems are updated with the latest software updates, from the manufactures like Microsoft and Apple.
5. Have an Incident plan
If, or when you do get infected by Ransomware, or any other virus, have a plan to deal with it. You can often limit data loss by having a rehearsed plan to deal with the Incident as soon as you know about it.
For more information and a detailed guide to protecting your organisation from Cyber Threats visit the National Cyber Security Centre website, they also have a detailed guide to Ransomware.