Last year, business ransomware attacks increased threefold. Small- to medium-sized enterprises (SMEs) were hit hard ‒ 42 per cent experienced attacks in a 12-month period. The outcomes were grim:
- A third (32 per cent) paid the ransom.
- One in five paid the ransom but never regained access to their data.
- Two thirds (67 per cent) lost data.
- One in four worked for weeks to restore access.
Considering these figures, your business will likely be targeted at some point, and you need to protect your important data (customer details, accounts, orders and more). The following five elements are essential parts of a successful ransomware response.
Build a cyber response plan to remain one step ahead of hackers
Cyber attack recoveries are high-pressure situations that don’t allow much margin for error. Collaboration and effective communication among employees and stakeholders are necessary for recovery, and the roles of personnel following an attack must be clearly defined.
A business continuity and disaster recovery (BC/DR) plan with a strong cybersecurity response strategy is a must for any size business. BC/DR planning allows your company to be more prepared for unforeseen risks like a ransomware attack so business processes and procedures can continue both during and after the attack.
When planning a cyber response strategy, you must consider how you will respond to the disruption to minimise downtime. Will you need to temporarily revert to paper-based processes? How will you communicate the situation to customers? What is your stance on paying the ransom?
Once you’ve created your plan, testing it enables you to identify gaps and properly document the recovery process.
Instruct your employees to watch out for suspicious emails
A disturbing number of employees are falling victim to phishing attempts. According to 2016 Verizon research, people opened 30 per cent of phishing messages. Of those, 13 per cent also opened the attachment, introducing malware to the network. To reduce human error risk, employees should follow these best practices:
- View emails critically. Instruct employees to look for poor design, misspelled words and incorrect grammar, requests for personal details, unusual attachments and URLs that are different to the company’s primary domain (to view a URL without clicking a link, users can hover over the link with their cursor).
- Notify IT of a suspected ransomware attack. If someone detects any suspicious activity, instruct them to notify IT immediately and stop working on any devices that might have been infected by malware.
- Create secure logins. Require staff to use complex passwords containing a combination of special characters, numbers, and lower- and uppercase letters. Whenever possible, use two-factor authentication to increase security.
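The URL check from the first practice above can also be run automatically over a message body, for instance in a mail-reporting tool. This is an added example, not part of the original article; `example.com` as the company domain, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

COMPANY_DOMAIN = "example.com"  # assumption: the company's primary domain
# A host name written in the visible link text, e.g. "https://example.com/login"
SHOWN_HOST = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
# Constructed sample message body (not a real email)
SAMPLE = """
<a href="https://portal.example.com/invoices">View invoice</a>
<a href="http://example.com.billing-check.test/login">https://example.com/login</a>
<a href="https://files.vendor.test/doc.zip">Download attachment</a>
<a href="mailto:it@example.com">Contact IT</a>
"""

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)

def audit_links(html, domain=COMPANY_DOMAIN):
    """Return (href, reason) for each link that deserves a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if not host:
            continue  # mailto:, page anchors and relative links have no host
        shown = SHOWN_HOST.search(text)
        if shown and shown.group(1).lower() != host:
            findings.append((href, "link text shows a different host"))
        elif not belongs_to(host, domain):
            findings.append((href, "target is outside the company domain"))
    return findings
```

`audit_links(SAMPLE)` returns two findings: the link whose text shows `example.com` while the target host merely begins with that string, and the download hosted outside the company domain.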
Update systems to prevent ransomware infecting your business
New security threats are continually emerging. In response to these threats, hardware and software developers create security patches that protect the device or application. Employees need to apply these updates promptly to ensure the company’s data and network are secure.
Once systems reach end of life, they need to be promptly replaced. Manufacturers no longer roll out security updates for those systems, leaving them vulnerable to security threats.
Ensure you have security software in place
It’s also important to protect servers with file-level anti-virus. However, sometimes malware can circumvent anti-virus software, breach the perimeter and reside undetected in the network. This is why anti-virus must be accompanied by intrusion detection and prevention, deep packet inspection, and port scanning and protocol inspection.
Be diligent about applying any available software updates, as ransomware is always evolving. According to a cloud research executive, ransomware variants increased 400 per cent in 2016, and ransomware families are expected to grow 25 per cent in 2017. If your IT staff don’t have time to apply updates in a timely manner, you might consider working with a managed service provider (MSP) that is qualified to monitor your system settings around the clock and apply updates as needed.
Don’t forget to back up data
Of course, even security updates aren’t always able to match the pace at which ransomware changes, which is why you need to regularly back up your data in case of an attack.
As an example of the difference backups make, one SME had a critical server encrypted by ransomware that had bypassed the firm’s anti-virus software. The SME was a customer of managed IT services provider IT Specialists (ITS), whose team was able to recover the client’s data from backups without the ransom being paid ‒ all before the start of the SME’s workday.
If the server had been lost, the client would have faced hours, days or weeks of rebuilding databases, all while losing revenue and customers.
As a caveat, the amount of time it takes to restore data from backups could cause a significant business interruption. Calculating your organisation’s maximum allowable downtime helps you determine your recovery time objectives (RTOs) for critical data and applications. You can then select a backup solution that has the ability to restore backups within the required time frame.
A hybrid solution that provides the option to back up data on-site in an appliance or in a secure private cloud can help decrease recovery times for critical data. For example, data stored in the appliance enables recovery times of minutes in some cases.
Regardless of the solution you choose, any vendor you work with should have a service level agreement (SLA) that holds the service provider contractually responsible for restoring your company’s data within a specified amount of time. Without an SLA, there’s no guarantee you’ll be able to recover your data within your RTOs.
As sophisticated as cyber threats are, you might not always be able to prevent ransomware from taking your data hostage. Fortunately, with some advance preparation, you can avoid an attack becoming a disaster for your business.
Matt Kingswood is UK head of managed service provider IT Specialists.