Five essential ransomware and recovery tips every business should know

Ransomware has increased by 15% over the past year, driven in no small part to a rise in email phishing attacks, according to the latest ACSC Annual Threat Report. While large scale enterprises have the resources and strategies to recover quickly, for smaller businesses, operations can easily become crippled for extended periods.

So how can small companies be on the front foot when it comes to ransomware resilience? To help build your cyber resilience and protect your business against ransomware, here are five tips.

1. Employees are your greatest asset

Your staff are your businesses' cyber security guards and a solid line of defence. If employees aren't across the latest threat and email scam news, how do they know what to look out for?

When looking to infiltrate a system, most attackers will try to access employee credentials in some way. Educating employees on avoiding ransomware and detecting other scams reduces the likelihood that criminals can access a business's systems. Some simple tips to keep security front of mind for staff include:

1. Require regular password updates

2. Ensure all passwords are strong

3. Regularly train staff on how to spot ransomware attacks and other scams

4. Keep staff up to date on the latest security threats that are targeting the businesses industry

2. Always plan for ransomware protection and recovery

A data breach is a 'when' not 'if' scenario, meaning the best way a business can remain resilient to ransomware threats is to map out defence and recovery strategies in the event of a breach.

When creating a recovery strategy, one plan won't fit all, a business needs several to respond to a growing array of risks and the changing nature of today’s threats. Four primary considerations businesses should factor into their planning include:

1. Define the parameters of the recovery plan, for example: identify and prioritize critical applications so you can focus first on the systems and data that you’ll need to recover first.

2. What is the internal escalation process? During an attack, what situations will get escalated to more senior staff to coordinate?

3. What are the legal and customer impacts of the threat?

4. Map out team responsibilities and who will be owning what tasks

The plan should also include action items, contact lists, timelines, and if possible, pre-approved crisis communications. Once you have your plan in place, along with the procedures and technologies to execute it, make sure it will work as needed by performing frequent tests.

3. Implement multi-factor authentication

Multi-factor authentication (MFA) verifies users by requiring two pieces of evidence to prove their identity, such as a password and code sent via text. It acts as a great security measure and when formed as part of a multi-layered security strategy, can be one of your strongest lines of defence.

MFAs make it difficult for criminals to access employee accounts even with the correct credentials. That means if an attacker can circumvent a business's MFA procedure, there is likely a more severe security flaw that needs to be addressed.

4. Segment your networks

After an attacker has infiltrated a network, they will look to broaden their foothold to access more valuable data and systems. This is known as 'lateral movement, where an attacker will progressively move through a network (typically using compromised credentials) while searching for critical data and assets.

Network segmentation involves splitting up a network to limit how freely users can move within. A rule of thumb when looking at network segmentation is—if a system does not need to communicate with another system, it should be separated.

5. Re-think business backups

These days, cybercriminals are developing and deploying more sophisticated technologies than ever. However, not all companies have the resources for massive backup solutions. A simple 3-2-1 approach to data backup can be an effective 'recovery ready' strategy for small businesses.

1. Make three copies of your data: It can take months to fully recover from an attack, having copies of essential data ensures regular business activity can resume as soon as possible.

2. Backup on two media types: These days, cybercriminals have begun targeting data backups as well. Ensuring sensitive data is backed up to more than one location improves a business's recovery window and reduces the risk of backups being compromised.

3. Secure one backup off-site: Criminals will immediately look to extend their reach further into a network during an attack. Securing a backup off-site that is not directly linked to a business's network helps protect backup data from being compromised.

Being recovery ready doesn't have to be complicated. With the proper preparation, even small businesses with limited resources can develop the resilience needed to thrive in today’s evolving threat landscape.

• Prev
• Next