By now you’ve surely heard of ransomware, a type of cyber attack when “cyber kidnappers” take your computer or network hostage and infect a computer or computer system with a virus that locks all the files and programs. The only way to unlock the files and read them again is to use a key or code, which is given upon receipt of the ransom payment.
So how do you prepare for a ransomware attack?
Planning, planning, planning. You must have a plan and assume the worst can and will happen. According to the Herjavec Group, the amount paid out by victims of ransomware in just the first three months of 2016 came to a total of $209 million. The report suggests that at that rate, the total cost of ransomware is set to reach $1 billion for all of 2016.
Here are some quick tips:
- Build a comprehensive backup solution, backup often, and test the solution. Backup your computer and file systems, drives, etc. in the cloud – one that will not be infected or linked to your current computer system. You may even create a full backup to a removable drive of some kind. The bottom line is if your files get encrypted, you don’t have to pay the ransom – you just restore the files. Most businesses back up, but some have not tested whether or not these backups work in an emergency.
- Have a disaster recovery plan. If creating the backups is the beginning of the plan, have steps to continue implementation. Who will be responsible for removing the virus and reestablishing the file system? Is it someone in your IT department? Is it a contractor or third party? Always know what which steps to take – this will keep things running smoothly, and most importantly avoids a sense of panic in a tough situation.
- Use a layered security approach, with all endpoints protected, as well as protection at the mail server and gateway. If you can stop these things from ever showing up in an end user’s mailbox, you’re ahead of the game.
- Educate your employees. One of the most popular vehicles for ransomware is a phishing email telling the user they have an invoice that requires payment. If employees recognize such emails, they will know not to open or respond to them, but instead report them to their information security team.
- Run risk analyses, and patch vulnerabilities, especially on browsers, browser plugins, and operating systems. Information security teams should be savvy enough to continuously run penetration tests to hunt for vulnerabilities.
Planning and taking quick action are the best ways to avoid a serious problem from ransomware. If your organization is not sure where to start, a cyber security provider like Neovera can easily help you create a cyber security strategy that will increase your cyber security posture and protect your business from the consequential costs and reputation damage caused by ransomware and other cyber attacks. So plan accordingly and take action now to make sure you’re in the clear when disaster tries to strike.