Australia’s small to medium-sized businesses face an ever-increasing threat of ransomware attacks as cyber hackers take advantage of the quick transition to remote working.
As businesses race to establish remote and hybrid working structures in the midst of the pandemic, a greater risk for attack is emerging as many SMEs lack the cybersecurity posture to protect their data online. According to a new report from the Cyber Security Cooperative Research Centre, businesses are in dire need of educating their employees on the basics or cybersecurity and cyber hygiene.
Therefore, it’s little wonder that the question “How do I make sure my company never pays a ransom for our data?” is becoming high on business owners’ agendas.
The first step in preventing a ransomware attack is properly educating your employees about what ransomware is and how it infects systems. The most iron-clad software and hardware are of no help if an employee is careless. Part of your strategy should include a plan for helping your users spot and avoid ransomware. Many businesses hold mandatory quarterly security seminars where admins help employees understand various types of cyber-attack. Your plan should cover everything from ransomware to phishing to the growing threats from social engineering scams.
The following are some simple security practices for employees to ensure they do their part in keeping these increasingly common attacks at bay.
7 ways to reduce the risk of ransomware attacks
- Use email filtering
This reduces the number of potentially malicious emails coming your way. Businesses should invest in enterprise-grade solutions. These will use techniques such as blacklisting, whitelisting, and user-based email analytics to balance the filtering of spam and legitimate mail.
- Scan attachments
If email is the vehicle that drives it, then the attachment is the cargo you open to unknowingly unload the malware on your system. A lot of enterprise spam filters have scanning functions that allow you to check your messages for potential threats. Whether it’s built into your spam filter or anti-malware software, put those scanning capabilities to use before opening any email attachments.
- Block attachments
Blocking select attachments is one of the most effective ways to stop ransomware at the gate. The system may prevent users from opening .exe, .com, .bat, .js, .docx, and other file types commonly associated with malware. Because this method could also restrict access to legit files you actually need, it might be a good idea to designate a separate server, such as the cloud, for exclusively handling blocked file types.
- Preach safe surfing
Like malware in general, ransomware distribution is not limited to email. This type of infection can be spread by visiting rogue websites, downloading free software, and even connecting infected USB drives to your system. A computer security training program that covers all the basics of responsible web browsing can make a world of difference when it comes to staying protected.
- Promote good data-backup habits
With so many employees working remotely, it’s harder for businesses to manage backups and store data on the corporate network. Encourage employees to be responsible and back up their data regularly. If they store data on a local flash drive inserted into their laptop, they should back it up to the cloud or another hard drive. If employees store their data primarily in the cloud, they should be sure to have another copy somewhere offline.
- Limit the number of files employees can access
Employees should only be able to access data and folders based on the principle of “least privilege.” This is the concept of only giving employees enough access to perform their required jobs. Least privilege can prevent workers from accidentally deleting or corrupting files they should never have had access to in the first place. Enforcing the least privilege can significantly reduce the risk caused by human error.
- Test your people and systems
It is wise to consider regular testing once your network is in tip-top shape. This includes network vulnerability testing, testing backups, and testing employees—people are often the weak link in the security chain. That’s why some businesses formulate strategies for testing employees. That could include sending fake phishing emails or even hiring companies to conduct mock social engineering scams. Whatever the case, testing should be a regular part of your security strategy.
Leo Lynch is the Director of Asia Pacific for StorageCraft, an Arcserve Company, a provider of integrated data backup, protection and recovery solutions. With over 30 years of channel experience, Leo is focused on partner-centric growth in one of the fastest growing regions in the IT market.
Looking for more tips from security and tech experts?
How to set up a remote office for success