Three Ransomware Tips for Area Businesses for 2021
For 2020, the word in technology was ransomware, and while many businesses were caught off-guard, there are no longer any excuses to not take cybersecurity seriously. Here are three ransomware and cybersecurity lessons businesses should learn before it’s too late.
Segregate Your Data with Access Permissions
When it comes to protecting your data, the fewer people with high-level or administrative privileges, the better. For the most part, administrators can access any data and control nearly any part of your network. Once a cybercriminal gains access to an administrator's credentials, they have full control over your network and the rest of your business.
The solution is really simple—if someone doesn’t need access, don’t give it to them.
This goes for your general network and your company documents, and also for the applications your business uses. Most line-of-business applications will let you assign different levels of permissions so that, for example, a salesperson cannot see financial information that your billing department needs to see. The fewer people who have access to sensitive information, the easier it will be to keep that information secure.
While multi-factor authentication can help prevent a bad actor from accessing your system if they have managed to glean a team member's password, it can only do so much. In fact, phishing attacks are reaching a level of sophistication where they are able to beat 2FA.
When you set up access controls, you limit the number of people who can access or even 'see' data if they shouldn't have access to it. Known as the principle of least privilege, this access strategy is designed to provide team members the least amount of access required to perform their tasks.
Phishing is the Number One Method of Attack
Business technology in 2020 was defined by what feels like a countless number of ransomware attacks. Schools, hospitals, and even municipalities have all been targeted by aggressive ransomware attacks, but all businesses are susceptible. There has been one constant thread that connects most of these attacks: phishing. Phishing attacks are currently the primary tool used by cybercriminals to deliver ransomware. The best defense against phishing is a potent offense.
In other words, training your team.
Phishing and social engineering scams target residential users all the time, but businesses are a much more profitable target for cybercriminals. From the intern who gets coffee to your CEO, any team member can be a victim of a phishing attack, and this can cause a huge and expensive disruption to your business. Everyone, regardless of position, must take part in regular training on phishing resistance techniques. It is not a matter of if you’re going to be targeted, but when.
You’re Going to be a Target
If there's one takeaway regarding cybersecurity post-2020, it's that cybercriminals are only going to get bolder and more aggressive. As organizations continue to embrace technology as their primary business-boosting tool, they will continue to draw these bad actors' attention.
If your business isn't prepared to resist a ransomware attack, your options are limited to:
- Paying the ransom and hoping they release your data (and haven't sold it or put it on the dark web). This encourages them to attack you again, and in no way guarantees you’ll get your data back. Even Microsoft itself recommends that businesses don't pay the ransom.
- Not paying the ransom, and bearing the expense of paying an agency to recover or recreate the lost data (if able).
Fortunately, with preparation, you aren't forced to choose between two evils. When considering your options, the one step you can take to protect your business from cyberattacks is to invest in a BDR (backup and disaster recovery) plan.
Whether due to human error, natural disaster, or a bad actor, protecting your data should be paramount. For most businesses moving forward, your technology is essential to your business' survival and needs to be treated with the attention it deserves. A BDR is the ideal backup solution for SMBs, offering the total solution required to get your business up and running after a disaster.
While you should back up your data, a backup without a plan to recover it results in only half a solution. When you have a BDR plan in place, you can have the confidence to take whatever steps you need to regain control of your data, even if it requires you to wipe your hard drives.
Is Your Business Ready for the Future?
One lesson learned from 2020 is that the future isn't foolproof and is always subject to change. Your organization needs flexibility, even in the best of times, let alone during these challenging times. Successful businesses make plans for the future, and the future lies with technology.
Now is the time to begin to formulate your cybersecurity plans and not wait until you're targeted, because by then, it will be too late.
Directive offers a wide range of services and solutions to help your business grow even during times of uncertainty. Our managed IT services are like having your very own team of IT experts, and our flat-rate IT ensures you’re never hit with a surprise expense. Directive is committed to protecting your business, staff, and customers. Call 607.433.2200 today to learn more about our cybersecurity solutions.