You know the value of your business’ data, and the cost to your business if it was lost. Unfortunately, so too do cyber criminals. We’ve seen a rise in ransomware attacks here at Telstra Business Technology Centre Perth South, as well as an increase in the number of attempted breaches. Unsurprisingly, the Australian Cyber Security Centre (ACSC) has also reported that ransomware attacks are on the rise in Australia.
What is Ransomware?
Ransomware is a common type of malware that locks down your devices, server or files. The attackers then demand a ransom in order to restore them. The ransomware attacks that are the most impactful are those that lock down data that is absolutely critical to the operation of your business. Think customer information held in a CRM and product orders – not to mention the productivity cost when your staff are out of action.
In some cases, the cyber criminals will give deadlines to payment, imposing a sense of urgency that may make you tempted to pay up. Best practice advice is to never hand over money if you are hit with a ransomware attack. So, what can you do to proactively prepare your business and help defend against ransomware?
How can I help defend my business against ransomware?
We’ve put together some steps you can take to start preparing your business today.
- Locate and back up your data
Before you can back up or protect your data, you first need to identify all of the locations data is stored. Do you have business data stored locally, on mobile phones or devices? Do you use cloud file management to transfer and store documents?
Once you’ve mapped out all of the locations of your critical business information, the next step is to regularly back it up. It’s important that your backed-up data is kept on a separate network, to help keep it segregated from a ransomware attack.
If your business falls victim to a ransomware attack and you have recently backed up your data off the network, you may be well placed to restore and recover.
- Implement a password management process and multi-factor authentication
Weak passwords make it easier for cyber criminals to gain access to your devices and network. By implementing a strategy for managing your passwords and pins, you can start to build a stronger layer of security around your sensitive information.
Password management software and multi-factor authentication can also help you create stronger passwords that require additional verification – ideal if you have staff logging in from multiple devices remotely or on site.
- Educate yourself and staff
Being aware of potential cyber threats and understanding how you can be more vigilant online is key to helping your business steer clear of scams. With cyber criminals implementing more and more sophisticated methods, it’s important to keep everyone in your business updated.
Here are a few quick tips for staying safe online and avoiding cyber attacks:
- Never give out your credit card or password over email – and someone asks for them over email, contact the sender on a validated phone number and check the request actually came from them.
- Don’t log into the internet using a public Wi-Fi connection – these can leave you vulnerable to ‘man in the middle’ attacks that can intercept data transmitted, such as passwords.
- Be wary of emails you aren’t expecting to receive, as attackers can mimic reputable companies to coax personal information from you. These are called phishing emails.
- Keep up to date with the latest scams so you know what to watch out for.
- Use endpoint protection
Endpoint protection solutions like Sandblast can detect threats and help protect against viruses, worms and trojan horse malware.
- Run an IT health check
By assessing your IT systems, you can start to identify any possible vulnerabilities. A good place to start is by checking that:
- no personal devices have access to your network
- your apps, devices or software are all up to date
- you have a password management system in place
- there are no unauthorised apps running on your devices – and you have an approval process for installing new apps
What should I do if my business has been attacked with ransomware?
If you do fall prey to a ransomware attack, ACSC advises not to pay the ransom. There is never a guarantee that cyber criminals will restore your information if you pay up. And, cooperating with cyber criminals is an indicator that your business is likely to pay a second or third time, inadvertently making you a target for future attacks.
ACSC recommends that if you are a ransomware victim you should report the attack on the ReportCyber website, and talk to your cyber security provider for advice on how to recover.
Talk to the experts
At Telstra Business Technology Centre Perth South, we help local businesses assess their IT environment and identify vulnerabilities with a cyber security audit. Talk to us to get started with your cyber security strategy today.