Ransomware attacks are becoming a popular method of cybercrime. In 2021 alone, there were a reported 500 million ransomware attacks. Preventing these kinds of attacks on your business is critical. Here we will discuss what ransomware is, how to prevent these attacks and what to do if you do become the victim of one.
What is Ransomware?
Ransomware is a very sophisticated and therefore dangerous form of cybercrime. Essentially, it is malware which, when downloaded, encrypts data so that it becomes unreadable until the ransom is paid to retrieve it. It is used to target organisations of all sizes. Ransomware is so effective and dangerous because it capitalises on human error: often, the malware is downloaded when someone makes a mistake, for example, opening a phishing email and clicking a link within it. This is yet another reason to have a Security Awareness Training Programme in place.
One of the reasons it’s so popular is that it works. Often, business owners are so desperate to minimise downtime and retrieve their data that they pay the ransom. In fact, ransomware generates over $25 million for hackers every year. However, paying the ransom is something you should never do – it plays right into the criminals’ hands and there is no guarantee you’ll get your data back.
How to Prevent Ransomware Attacks
Strong Endpoint Security
Firewalls and anti-virus software are vital. A firewall is a network security device which monitors your network traffic and protects it from viruses and malicious code. It can also stop users from accessing certain external sites. Taking the time to update your software means that you always have access to the newest, strongest security features available. Additionally, keeping your anti-virus software updated is critical to ensuring that you have the best technology protecting your business. If your networks are not patched, they can be exposed to new vulnerabilities which can be exploited by hackers.
Backing up your data in multiple places is crucial. Once you’ve identified the data that needs to be backed up, particularly sensitive data that could fall under GDPR or CCPA, you must implement backups regularly. If your business has already migrated to the cloud, backing up your data is not an onerous task. However, the cloud is still vulnerable to data loss or hacking so it is a good idea to have a local backup. The strongest protection comes from following the 3-2-1 rule: keep at least 3 copies of your data, store 2 backup copies on different storage media, with 1 of them being offsite.
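The 3-2-1 rule above can be checked automatically against a backup inventory. The following is an added example, not code from the original article: the inventory fields, dataset names and the reading of "offsite" as "a backup held at a different site from the primary copy" are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample inventory: one row per stored copy of a dataset.
# Field names and values are assumptions made for this example.
INVENTORY = [
    {"dataset": "finance-db", "role": "primary", "media": "san", "site": "hq"},
    {"dataset": "finance-db", "role": "backup", "media": "nas", "site": "hq"},
    {"dataset": "finance-db", "role": "backup", "media": "cloud-object", "site": "cloud"},
    {"dataset": "hr-share", "role": "primary", "media": "nas", "site": "hq"},
    {"dataset": "hr-share", "role": "backup", "media": "nas", "site": "hq"},
    # Cloud-hosted data: the local disk at hq is the "offsite" copy here.
    {"dataset": "crm-export", "role": "primary", "media": "cloud-object", "site": "cloud"},
    {"dataset": "crm-export", "role": "backup", "media": "cloud-object", "site": "cloud"},
    {"dataset": "crm-export", "role": "backup", "media": "usb-disk", "site": "hq"},
    {"dataset": "web-assets", "role": "primary", "media": "san", "site": "hq"},
    {"dataset": "web-assets", "role": "backup", "media": "nas", "site": "hq"},
    {"dataset": "web-assets", "role": "backup", "media": "tape", "site": "hq"},
]

def check_321(inventory):
    """Return {dataset: [failed requirements]}; an empty list means compliant."""
    by_dataset = defaultdict(list)
    for row in inventory:
        by_dataset[row["dataset"]].append(row)

    report = {}
    for name, copies in sorted(by_dataset.items()):
        primary_sites = {c["site"] for c in copies if c["role"] == "primary"}
        backups = [c for c in copies if c["role"] == "backup"]
        failures = []
        if len(copies) < 3:                              # 3 copies in total
            failures.append("fewer than 3 copies")
        if len({c["media"] for c in backups}) < 2:       # 2 different media
            failures.append("backups not on 2 different media")
        if not primary_sites:                            # cannot judge "offsite"
            failures.append("no primary copy recorded")
        elif all(c["site"] in primary_sites for c in backups):  # 1 offsite
            failures.append("no offsite backup")
        report[name] = failures
    return report

if __name__ == "__main__":
    for dataset, failures in check_321(INVENTORY).items():
        print(f"{dataset}: {'OK' if not failures else '; '.join(failures)}")
```

A check like this only confirms that the copies exist where the inventory says they do; it does not show that any of them can actually be restored.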
Acceptable Use Policy
Your business should have a strong acceptable use policy. You can set up permissions that limit what websites employees can access from company-issued devices. You can also detail what can and cannot be accessed from personal devices. Limiting administrative capabilities is also a good idea; not every employee needs to have access to all the information and data your business stores. The fewer people who have access to sensitive information, the smaller the risk of a data breach.
Security Awareness Training
One of the most important aspects of keeping your business safe is empowering your employees to use technology safely. Train them in company security policy: for example, creating strong passwords and changing them every 30 days, and following procedures for encrypting personal data. Employees should also be trained in recognising potentially malicious links and phishing attacks.
What to do in the Event of a Ransomware Attack
- Do not pay the ransom. Paying the ransom encourages cybercriminals and shows them that their crime pays. This makes it more likely that they will continue with their activity. Additionally, there is no guarantee that your data will be returned at all.
- Isolate systems. Infected devices should be disconnected from the network to prevent further infection.
- Report. Ransomware attacks should always be reported to authorities. They may be able to identify the source and prevent further attacks.