Ransomware – The Digital Pandemic Threatening Your Business

Geraldine Strawbridge

“Ooops, your files have been encrypted!” These are the dreaded words that no one wants to see pop up on their computer screen. But as we’ve seen from the recent attack on the HSE, ransomware remains a major threat to every business and one that must be taken very seriously.

The attack on the HSE has been described as “possibly the most significant cyber-attack on the Irish state”, and with a secondary attack launched against the Department of Health in recent days, there is a growing realisation that every business is a potential target.

Organisations of all sizes across every sector have been targeted but there’s no doubt that healthcare has been hit the hardest. Within the last year, there has been a 580% increase in attacks targeting healthcare organisations globally. 

The Covid-19 pandemic has created the perfect environment for these types of attacks to flourish and cybercriminals have been quick to capitalise on all the chaos and disruption to launch a range of targeted attacks.

If you were under any illusion that your business is too small to be attacked, the growing wave of ransomware attacks should serve as a major wake-up call that your business needs to take every step it can to protect its data. The stakes are simply too high to ignore!

How could ransomware cripple your business?

Ransomware is a particularly nasty form of malware that encrypts a victim’s files. It’s typically delivered through phishing emails that contain malicious links or attachments. As soon as the link is clicked, or the attachment is opened, the malware installs itself on the system and starts encrypting files. It’s often designed to spread rapidly across a network and could paralyse your organisation within a matter of hours. Cybercriminals will assign a deadline for the ransom to be paid, and if the deadline passes, the ransom payment will be doubled, or the files permanently locked.

Top tips to prevent a ransomware attack

A successful ransomware attack could have devastating consequences for your business. The unfortunate reality is that many organisations are left in the unenviable position of either having to make a ransom payment or writing off the stolen data. To minimise the potential impact of a ransomware attack on your business, there are a number of steps you can take.

1. Keep your software and operating systems updated

Security software should be regularly updated to prevent hackers from gaining access to your network through vulnerabilities in older and outdated systems. Network vendors regularly release patches to address security vulnerabilities so it’s crucial these are applied as soon as possible.

2. Back Up Data

The ultimate goal of a ransomware attack is to steal your data, hold it hostage, and then demand a ransom payment for returning it. However, if your data has already been securely backed up, you take away the hackers’ key bargaining chip. Your data backups must be conducted regularly, and you should have 3 copies of your data in two different storage formats (with at least one copy located offsite).
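The following is an added example, not part of the original article: a small audit of a backup inventory against the rule above (three copies, two storage formats, at least one offsite), which also treats “regularly” as a maximum age so that stale copies do not count. The inventory records, field names and the 7-day threshold are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample inventory (hypothetical datasets, media and dates).
INVENTORY = [
    {"dataset": "finance-db", "media": "disk",  "offsite": False, "taken": "2021-05-24"},
    {"dataset": "finance-db", "media": "disk",  "offsite": False, "taken": "2021-05-24"},
    {"dataset": "finance-db", "media": "cloud", "offsite": True,  "taken": "2021-05-23"},
    {"dataset": "hr-share",   "media": "disk",  "offsite": False, "taken": "2021-05-24"},
    {"dataset": "hr-share",   "media": "disk",  "offsite": False, "taken": "2021-05-24"},
    {"dataset": "hr-share",   "media": "tape",  "offsite": True,  "taken": "2021-03-01"},
]

MAX_AGE = timedelta(days=7)  # assumed meaning of "regularly"; tune to your policy


def audit(inventory, now, max_age=MAX_AGE):
    """Return {dataset: [findings]}; an empty list means the rule is met."""
    by_dataset = defaultdict(list)
    for rec in inventory:
        by_dataset[rec["dataset"]].append(rec)

    report = {}
    for name, copies in sorted(by_dataset.items()):
        # A stale copy cannot restore recent work, so only fresh copies count.
        fresh = [c for c in copies
                 if now - datetime.strptime(c["taken"], "%Y-%m-%d") <= max_age]
        findings = []
        if len(copies) - len(fresh):
            findings.append(f"{len(copies) - len(fresh)} stale copy/copies ignored")
        if len(fresh) < 3:
            findings.append(f"only {len(fresh)} fresh copies (need 3)")
        if len({c["media"] for c in fresh}) < 2:
            findings.append("all fresh copies on one storage format (need 2)")
        if not any(c["offsite"] for c in fresh):
            findings.append("no fresh offsite copy")
        report[name] = findings
    return report


if __name__ == "__main__":
    for dataset, findings in audit(INVENTORY, datetime(2021, 5, 25)).items():
        print(dataset, "OK" if not findings else "; ".join(findings))
```

In the sample, `hr-share` looks compliant on paper but fails every check once its months-old offsite tape is discounted, which is the gap that only surfaces during a restore.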

3. Enable Multi-Factor Authentication (MFA)

MFA provides an extra layer of security that can significantly reduce the chances of your systems being hacked. In fact, according to Microsoft, your accounts are 99.9% less likely to be compromised if you use MFA. Effectively, it means that even if a hacker has an employee’s stolen credentials, they won’t be able to gain access to your network without another authenticating factor such as a PIN, token, code, or biometric data.

4. Intrusion Detection and Prevention Systems

By using intrusion detection and prevention systems, most ransomware attacks can be detected and resolved before it’s too late. These systems provide detailed insight into the traffic on your network and identify any anomalies that could suggest your organisation is being hacked. If any suspicious behaviour is detected, you will be alerted immediately, enabling faster threat detection and response.

5. Email and Spam Filtering

Cybercriminals send millions of malicious emails to random businesses and users across the world, but an effective email and spam filter can prevent more than 99% of these from ever reaching your employees’ desktops.

6. Educate your employees

Regular cyber security awareness training is crucial in preventing ransomware attacks and educating staff on evolving threats. Phishing emails are one of the most popular ways to spread ransomware so unless your staff are trained on how to recognise and respond to these threats, your business remains vulnerable to attack.

Don’t wait until it’s too late!

If you’re not working to prevent attacks and planning how to mitigate the risk, then it’s only a matter of time until your business is the next company to be splashed across the news. It really is that simple. You must take immediate steps to invest in security measures that will protect your business and reduce the chance of attack.

For over 14 years, we have been committed to helping our clients defend against sophisticated cyber threats. As an ISO 27001 certified Managed Service Provider, we take cyber security incredibly seriously and understand how valuable your data is and what steps need to be taken to protect it.

We provide a full range of proactive IT services that include advanced security, round-the-clock monitoring, data encryption, network and firewall protection, anti-virus software, backups, and disaster recovery. We identify gaps that need to be plugged and work closely with you to ensure your IT systems are aligned with the latest technologies and security protocols.

To find out how we can help protect your business, get in touch for further information.