Ransomware isn’t just affecting small businesses. Large enterprise organizations are constantly being targeted by hackers. A 2016 study by Malwarebytes found that 40% of companies were attacked by Ransomware. Some of the more notable businesses hit recently by WannaCry include FedEx, Nissan, Hitachi, Renault and the NHS. While Ransomware may not be 100% avoidable, there are protections you should have in place to minimize risk (Psst…check out the bottom of the post for a little something extra on phishing emails).
Here are the top 6 Ransomware prevention tips:
- Back up your files regularly and check those backups. Ransomware is successful because people end up paying the ransom. In most cases, these businesses don’t have a backup copy of their files and it would cost more to recreate them. However, you can’t simply back up your files. You must test your backups to make sure all of your important files are being backed up.
- Train your staff on phishing emails with simulated test emails. What’s the best way to know who needs phishing email training? Send them a simulated phishing email. This type of training program will provide a list of employees who clicked on the email. From there, you can require phishing email training for those who clicked and for your entire organization.
- Patch vulnerabilities in your operating system. This seems like a gimme, but surprisingly, there’s a long list of companies who forget to do just that. Large organizations must constantly install the latest updates, especially since there are so many points of entry.
- Select the option to show file extensions in Windows. With extensions visible, everyone can see a file’s real type and judge whether it looks malicious. You’ll need to train your employees to stay away from specific file types like “.scr,” “.exe” and “.vbs.”
- Implement a multi-layer security approach. There’s an abundance of tools out there to help you keep your organization safe and prevent cyber threats. We recommend using Microsoft Enterprise Mobility & Security.
If you don’t have any of the protections in place, there’s a real chance you’ll get hit by Ransomware. While the above tips minimize risk substantially, it’s still possible to get hacked.
Here’s what you need to do if you’ve been hacked by Ransomware:
- Shut down the infected devices immediately to prevent the attack from spreading.
- Call law enforcement agencies like the Department of Homeland Security to report the cyber-attack.
- Get the backup of the encrypted files.
- Change all passwords associated with the breach.
- Determine whether or not you should pay the ransom to get the encrypted files back.
Should you pay the ransom?
Unfortunately, this isn’t something someone else can decide for you. However, it is not recommended to pay the hackers. If you’re having trouble deciding, ask yourself these questions:
- What files did they encrypt?
- Do you have backups of these files?
- How many changes have been made to the files since the last backup?
- Will it hurt your organization to lose those changes? If so, how much?
- If you didn’t pay the ransom, how long would it take to recover encrypted files? And how much would it cost?
Could your employees infect your network by clicking on a phishing email? Find out now! We’ll send a free simulated phishing attack to your staff to see who would open a phishing email. After the email has gone out, you’ll receive a report with everyone who clicked on the email. Give us a call at 704-658-1707.