Ransomware Preparedness: 5 Steps to Secure Your Business


As a business owner, one of the most important things to consider when setting up your network infrastructure is its security. Over the past several years, cybercriminals have intensified their efforts to breach business networks and access private data for nefarious purposes; with transactions increasingly conducted online, there is a wealth of personal and proprietary information that can be accessed if a business network is successfully compromised.

Cybercriminals use a variety of strategies to compromise business networks. One of the most prevalent is ransomware. Ransomware is a piece of malware that encrypts all files within a network. Once the files are encrypted, the impacted business is asked to pay money to have them decrypted or lose access to them permanently. Businesses affected by ransomware experience significant downtime, which can be quite costly due to lost productivity; the average length of downtime following a ransomware attack has increased from 7 days to 9 days since 2018, with an approximate cost of $141,000 per incident. In addition, there are the costs of the ransom payments that businesses make to have their files decrypted; this year, these costs averaged $36,000 per ransomware incident, a significant increase from $12,700 the previous year.


To prevent your business from becoming a victim of ransomware, there are several measures that you should implement within your organization to keep it protected. Discussed below are some of the key strategies that will help ensure that your business remains protected from the threat of ransomware.

1) TRAIN YOUR EMPLOYEES

Your employees are the most important component of your business security system, and your first line of defense. The strength of your security system is highly dependent on how knowledgeable your employees are regarding cybersecurity and the threat posed by ransomware. Cybercriminals devote a lot of their time and resources to stealing the account credentials of employees; once obtained, the stolen credentials can be used to access the network and encrypt the files within the database. Alternatively, cybercriminals can send employees emails with malicious links; once clicked, the links release malware that can encrypt the files. This year alone, 24 percent of successful data breaches were caused by human negligence.

Knowing that your employees are prime targets for cybercriminals, it is important to teach them how to manage their account credentials and keep their organization secure. Some of the information that they should be taught includes:

  • Password management: Passwords should never be reused across sites or shared between users; each password should be unique to one site and one user. Additionally, passwords should be hard to guess; they should contain a mixture of uppercase and lowercase letters, special characters, and numbers.
  • Email management: Extreme care must be taken when clicking on links within emails; this is especially the case if the email is from outside the organization. Unrecognized and unsolicited emails from outside the organization should not be opened.
  • Endpoint device management: Employee devices used to access the network should have antivirus and anti-malware software installed. They should also be maintained regularly with the latest security updates and upgrade features.
  • Safe browsing habits: Browse only on sites that are secure and trustworthy; do not click on links on unsecured websites that use “http” instead of “https”. Additionally, public unsecured WiFi networks should not be used to access sensitive information, as these can be easily compromised.

2) ASSESS YOUR BUSINESS VULNERABILITY

Attack vectors are the various areas that cybercriminals can target to breach a network; they look for weaknesses at these attack vectors that they can use to penetrate and compromise the network. To ensure that your network remains fully secure, you should identify all the possible attack vectors within it, looking for vulnerabilities that could be exploited by cybercriminals; any identified vulnerabilities should be remediated as soon as possible. Some potential areas of vulnerability that should be checked include endpoint devices, firewalls, servers, and cloud storage systems, among others.

3) CONTROL THE USE OF PRIVILEGED ACCOUNTS

Most users within a network have restricted accounts that limit what they can access as well as what actions they can take; these accounts are typically set up so that employees have the minimum rights necessary to do their job. In contrast, privileged accounts, also known as administrative accounts, can access every part of a business network. Privileged accounts, therefore, are prime targets for cybercriminals; with a compromised privileged account, a cybercriminal can wreak havoc on any part of a business network.

Given the extent of network access that is possible with privileged accounts, privileged access should be granted to very few people. Additionally, privileged accounts should not be used for everyday tasks; a separate restricted account should be created by account holders and used instead.

4) EMPLOY A BACKUP AND DISASTER RECOVERY PLAN

One of the reasons ransomware attacks succeed is that impacted businesses have only one data source; when that data is encrypted by ransomware, the business is effectively crippled and can no longer function. It is therefore important to back up all data to a secondary site that can be used to retrieve encrypted files in the event of a ransomware attack; this is especially necessary for mission-critical data and applications that are crucial to a business’ functions and processes. Businesses should also have a disaster recovery plan in place detailing how files and data should be restored after a ransomware attack.

5) CONSIDER A BLEND OF PRIMARY, SECONDARY, AND CLOUD STORAGE

This is tied to the previous point. Multiple storage sites build resiliency into a network and allow for a more rapid recovery from ransomware. The data storage sites should be spread across varied geographical locations. Cloud data backup through Backup as a Service (BaaS) powered by Veeam Cloud Backup is an ideal strategy because the cloud has natural redundancies built in that ensure that its data cannot be easily lost. Additionally, with the cloud, the data can be recovered from any geographical location to any compatible device.

At Cyber Sainik, we are familiar with the threat of ransomware and the dangers it poses to organizations. We have cybersecurity specialists ready to work with you to ensure that your network is kept secure from ransomware as well as other forms of cyberattacks. For more information about our services and how to get started with us, contact us today.
