5 Steps to Protect Your Business Data from Ransomware by Ian McClarty, CEO and President of PhoenixNAP Global IT Services

Ransomware attacks are making their way into the news more often than ever before. Cybercriminals continue to explore progressively shrewd and harder-to-prevent avenues of profitable cyber-attacks. For companies who fall prey to them, the results can be devastating.

Ransomware that finds its way in specific shared locations within a network can paralyze all organization’s operations. With every successful attack, cyber-criminals become more efficient in perfecting their ability to do more damage. Every business needs to become savvier about defending itself against and preventing such attacks.

Ransomware is exceptionally challenging to prevent. That leaves many businesses to think that a reactive strategy is the best way to go. While understanding how to fight back is essential, taking proactive steps to reduce the odds of falling prey to ransomware is crucial.

What is Ransomware?

Ransomware and other malware linger in the cyber world, waiting for the right opportunity to sneak in where you’ve let your guard down. That is when they attack and hold your businesses data hostage. The “ransom” is an amount of money you must pay to regain the data on your computer.

However, even after the release, many times, damage to your information is irreplaceable. In fact, according to a recent report by Symantec, only 47 percent of victims who paid the ransom reported getting their files back. This suggests that your company should better consider other strategies to protect their data.

By now, you have probably heard of ransomware attacks such as “WannaCry” and “Petya.” The WannaCry exhibited a global menace that shut down both private and public organizations. Since the ending of that specific attack, many more have taken their place. The lack of data protection has business executives scrambling to recover.

Although all businesses should prepare for such attacks, small and medium-sized companies seem to be the critical targets for cyber-criminals. The reason for this is because they understand that these size enterprises have less security in place for the protection of company data as well as fewer resources available for recovery.

Each Virus is Different and Can be Fatal to Your Data

You more than likely heard of the “WannaCry” nightmare before this article. The attack involved numerous large corporations in London. The other attack, “Petrwarp/Petya” took its aim at government agencies and corporations in the United States.

It was after these attacks that one thing became clear; not all companies are utilizing the right steps available to protect their vital data from cyber-criminals. Just because these attacks are no longer a threat does not mean the concern over your data is unreasonable.

The truth is, the attacks such as these develop by leaps and bounds. One after the other is just waiting for the weakness in your businesses data protection software. The Wannacry jumbled data files once it locked out its users.

Petra was a whole new monster. It took things to the next level by overwriting computers’ master boot records, making it tougher to restore the data even if there were backups in place.  With dangers such as these, it is time all companies become aware of the processes available to protect their sensitive information and data about their customers.

You may not be able to prevent an attack entirely, but you can postpone it or incorporate ways to catch it more quickly, by taking these steps.  Install an enterprise anti-virus software across all systems.

Upgrading Hardware

Sometimes it takes going above and beyond updates when it comes to combating the evil forces that linger online. That may very well turn into a significant financial commitment, but you need to consider updating your equipment to a secure solution.

When it comes to outdated products and equipment that can no longer receive the necessary updates, trying to defend your data is mute. If your programs cannot obtain pertinent updates, you have a problem.

That alone can leave significant loopholes in your infrastructure. Having old software or outdated equipment can provide broad areas where ransomware can access your data. Once that happens, there is no turning back.

Always Keep Your Software Updated

Performing regular software updates is the most straightforward step you need to take to combat ransomware issues. These updates can help seal the door that keeps malware and ransomware at bay. Once these attacks make it through previously undiscovered openings, they make themselves at home.

Unfortunately, many businesses take their time applying updates to their systems. These update delays are due to both time constraints in the IT department and legacy software accounts. However, this one simple step should take place as often as advised.

Be wise and have the IT department perform all necessary updates. You will be glad when the next ransomware attacks.

Disaster and Recovery Plan

Depending on the size of your company, having expert personnel to address security issues may mean hiring additional staff or outsourcing specific IT services. If a cyberattack were to happen, it is essential to have someone to rely on for the best defense plans to halt the threat.

Make sure these individuals understand the urgency of their responding time to the threat at hand. Through staff meetings and training they need to understand they could, in fact, one day save your most important company assets from attack.

Having a well-trained set of eyes monitoring for problems and troubleshooting when necessary is how the WannaCry cyber-attack got stopped in its tracks.

Consistent Testing

All the steps mentioned above won’t run smoothly if you have not checked, double-checked, and then checked again. The point here is, you can never test too many times. That means you should be going over your cyberattack disaster recovery plan on a consistent basis. You should also put time aside each week to check for critical updates.

Out of date systems should also be on the list of things to check. It is vital that you are monitoring these steps through follow-ups on a weekly basis. You can never get relaxed and allow your team to loosen up when you are dealing with cyber-criminals. Because you will pay a higher price if you enable systems and software to run out of date.

You just never know what threat you might prevent when you choose to review something for the second time. A missed update? Error in the plan? It is always smart to revisit and test.

Implement an Employee Awareness and Training Program

Training is vital. If your team does not know what it takes to protect their equipment, it can spell disaster. It will not matter what precautions you take if you do not train your staff.

Think about it, how many individuals do their job on a computer nowadays?

Now, if you need a computer to do your job would you know what to do if it suggested you perform a critical update? Would you recognize an email riddled with a virus? One link clicked, or one wrong email download could infect everyone on your network.

Take the time to schedule training through your IT team and implement software restriction policies for your entire staff. Keep yourself in constant communication about attacks in the news. Draw a step-by-step outline they should use to defend themselves and the entire company against cyberattacks.

In Conclusion, a Solid Plan is the Best Defense Against Ransomware

Today, the threats are a reality, and there is no way to make you and your company 100 percent risk-free. The harsh reality is, as you are reading this, there are cyber-criminals out there somewhere developing another virus that will disrupt the business world as we know it.

Large corporations will feel the impact as well as small mom and pop businesses. The thing that is certain about these attacks, they do not discriminate. They can attack any company if the right practices are not in place.

About the Author

Ian McClarty holds an MBA from Thunderbird School of Global Management. He has over 20 years executive management experience in the cybersecurity and data center industry. Currently, he is the CEO and President of PhoenixNAP Global IT Services. PhoenixNap employs a staff of over 600, operating in 9 separate locations including two in Phoenix, Los Angeles, Valletta, Malta, Belgrade, Serbia, Novi Sad, Serbia; Amsterdam Singapore, and Charlotte, NC.