Think your biggest business problems are keeping up with industry trends, outpacing your competitors, finding the best talent, or figuring out how a hybrid work model fits your organization?

Each of these may undoubtedly be a challenge, but here’s another one to add to your (likely growing) list: Ransomware.

The severity and sophistication of ransomware attacks keep escalating across all industries. Cybersecurity Ventures, a top global cyber economy research and publishing organization, has predicted that ransomware perpetrators will have refined their “trade” enough to attack every two seconds in less than ten years.

In 2021, the Financial Trend Analysis (which is produced by the Financial Crimes Enforcement Network, part of the US Treasury Department) found the following:

  • $102.3 million: The average amount of reported ransomware transactions per month
  • 635: The number of suspicious activity reports (SARs) where ransomware was suspected, filed in just the first half of 2021
  • $590 million: The total dollar amount from 458 suspicious transactions reported in the referenced SARs

The financial cost is high, but what exactly is ransomware?

It’s one of the most prevalent and devastating malware or malicious software forms. It uses tricky tactics to get victims to download malicious attachments or visit infected sites to exploit vulnerabilities of legitimate sites and install malicious code.

What’s the point? To encrypt files on a device to make those files and systems unusable. Malicious actors demand ransom payments to free the encrypted files and infected systems. A ransomware attack can have a crippling impact on a business, seriously limiting its ability to operate or deliver services, not to mention the reputation-destroying consequences.

How can you defend against ransomware?

The best protections are proactive: Cyber hygiene, cybersecurity controls, and business continuity planning. There is no one perfect solution to defending your organization from ransomware. Your best bet is to take a layered approach to security. Here are seven things every business can do to protect against ransomware infection.

Have a plan

Every business should have a response plan and policies that can be enacted in the event of a cybersecurity breach of any kind.

Train employees to recognize ransomware

No matter how smart and well-intentioned, people are an organization’s number one security vulnerability. By providing comprehensive, up-to-date Security Awareness Training, you are significantly reducing your organization’s susceptibility to ransomware and other types of cybercrime that can bring business to a halt. Need help finding world-class Security Awareness Training for your staff? Contact us to learn more about Security Awareness Training.

Back up everything 

Offline, encrypted, routinely tested backups of data are critical. If your data is sufficiently backed up, there will be no need to pay the ransom because it won’t be as much of a threat. Part of effective backups include retaining backup hardware to rebuild systems.

Address vulnerabilities

Every device used in the business should be scanned regularly for vulnerabilities. Patch and update software in a timely manner, and ensure that security features are enabled, and all systems are up-to-date.

Implement email best practices

Block ransomware from your systems by using filters at the email gateway. This measure stops emails with known malicious subject lines and suspicious IP addresses from entering inboxes. Implement DMARC (Domain-based Message Authentication) and other sender policy frameworks to avoid spoofed or modified emails being sent from your domains.

Limit exposure by applying the principle of least privilege

Ransomware perpetrators often gain access via users with the highest privileges. Provide the minimum access to systems required for employees to do their jobs. Designate IT administrators as the only users with access to install software on network devices

Work with a cybersecurity partner

One of the most effective strategies to avoid attacks is to work with a cybersecurity firm (such as AccountabilIT) that has the expertise, knows the landscape, and will work closely with your team to ensure your systems are secure. With our scalable security solutions, we are experienced in providing state-of-the-art, enterprise-level security solutions adapted to each customer’s environment, whether they are a large corporation or a small or medium-sized businesses.

Work with us to create your customized cybersecurity plan. We have the needed insights working on the front lines of cybersecurity to help you prepare and prevent attacks, as well as to respond and restore in the event of a breach.