Build these five habits to reduce the risk of ransomware

David Emm, Principal Security Researcher, Kaspersky, shares with Top Business Tech the five key ways in which IT leaders can ensure that their organisations are protected against ransomware attacks.

Following a spate of high-profile attacks, it is all too easy to consider ransomware a threat to large, well-known businesses. Research, however, suggests this is far from the case. There are plenty of reasons for small or medium businesses (SMBs) to be proactively approaching the issue of ransomware. 35% of SMBs hit by a ransomware attack in 2020 at an average cost of US$183k[1]; this is a trend that shouldn’t be ignored.

SMB’s can no longer treat cybersecurity as a lesser priority compared to other businesses issues. Pre-emptively securing your businesses, as well as building a plan, is now essential for business continuity. This is to say, if the threat of ransomware isn’t on your radar, you are putting your business and its data at substantial risk. 

In light of the recent Anti-Ransomware Day, here are some key measures and best practices for businesses.

1. Backup systems as an ongoing process

Making system backups should be a regular process, and ensuring they are up-to-date and accessible is vital. And keep them on devices not connected to the corporate IT network. That will keep data safe if the entire network is ever compromised. Also, ensure you can find and invoke backups quickly in case of an emergency. This is great practice for any number of situations, not just ransomware. Think of it like being able to go back in time to before any incident caused loss or corruption of company data. One big benefit of this approach is that the business can continue running smoothly without downtime interruption. 

2. Consider updates a cybersecurity essential

Making updates when prompted by your operating system can seem like an unnecessary pain – particularly if you’re making great progress on work or have a list of emails to send. But, running an update on your OS or business software can provide critical security updates, as well as features that may just do the work you’re doing easier. Instead of seeing it as wasted time, use it to stretch your legs, rest your eyes, grab a drink, and come back with renewed focus – and most importantly, a secure machine.

3. Maintain communication around cybersecurity

Knowledge is power when it comes to being safe online, so make sure you talk to your employees about the variety of cybersecurity threats they might encounter, whether phishing emails, untrustworthy websites or software downloaded from unofficial sources. Make the process relaxed and informal with an ‘ask me anything’ online session accompanied with plenty of imagery and real stories to keep it engaging and relatable. If a more formal approach is needed, consider interactive training and tests to ensure staff remain vigilant. Special attention is paid to employees who work with sensitive data, such as accountancy, legal, and HR.

4. Remain disciplined with safe passwords

Not all passwords are created equal, so make sure you use strong ones to access corporate services and use multi-factor authentication to access remote services. This is particularly important for business services like accountancy, where such precautions can save data and money from accidental or deliberate actions. Take the example of a lost laptop. Most businesses are prepared for the loss of physical property, but it’s only with secure passwords that they can be reassured that data will remain secure should the laptop fall into the wrong hands.

Password managers can be an effective way of making this process easier. These software programs create, store and enter secure passwords for you so that all you need to remember is the password to launch the password manager. This removes the barrier to remembering multiple different passwords, which often leads to individuals using weak passwords or one password across multiple accounts. 

5. Plan for the worst

When instances of data loss occur for any reason, panic often ensues, with different departments assessing how it will affect them and their teams. Response and crisis communication plans will take the edge off a terrible situation if the worst does happen. See it as a shelter and a stock of supplies against a future storm that will help your business better weather it by saving time on decision-making if an urgent response is needed.

What if the worst happens?

Ransomware is a threat to businesses of all size and scope, and it remains crucial to stay vigilant. As a rule, never pay the ransom. Although this may seem like the best and only option at the time, this will not guarantee that seized data will be returned. On the contrary, it will only confirm that the perpetrator’s activity works. To tackle ransomware long term, we all need to do our part to show that crime doesn’t pay.

Notably, our global study of 15,000 consumers found that only a quarter of those who paid fraudsters ever got their data back. The top priorities following a data breach should be to report the crime to your local law enforcement agency or find a decryption tool online through a reputable source such as No More Ransom.

There is no magic solution for ransomware attacks, and this is especially the case after they have occurred. For businesses of all sizes, however, cybersecurity can be enhanced massively by simply cultivating good habits. By making cybersecurity a seamless part of your day-to-day operations, you limit the potential of a vulnerability and limit the effort required to be ‘cybersecure’. 

READ MORE:

  [1] According to Kaspersky IT Security Risks Survey 2020. For the survey, 5,266 IT business decision-makers were interviewed across 31 countries in June 2020.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

David Emm

David Emm is Principal Security Researcher at Kaspersky, a provider of security and threat management solutions. David joined Kaspersky in 2004. He is a member of the company's Global Research & Analysis Team (GReAT) and has worked in the anti-malware industry since 1990 in a variety of roles, including that of Senior Technology Consultant at Dr Solomon's Software, and Systems Engineer and Product Manager at McAfee.

Choose an AI solution to transform beyond technology

Kit Cox • 09th December 2024

The first step is knowing exactly what your business wants to achieve with AI; think faster, smarter and more efficient. Once you know what you are working towards, you can start looking for a solution that can help you make it a reality. AI integration can feel like a daunting task at the beginning, so...

A Roadmap to Security and Privacy Compliance

John Lynch Director of Kiteworks • 04th December 2024

Only by understanding the current regulatory environment and implementing robust data protection measures, can organisations enhance their security posture, ensure compliance, and build resilience against the latest cyber threats. This article provides a comprehensive roadmap of how to do it.

Data-Sharing Done Right: Finding the Best Business Approach

Bart Koek • 20th November 2024

To ensure data is not only available, but also accessible to those that need it, businesses recognise that it is vital to focus on collecting, sorting and governing all the data in their organisation. But what happens when data also needs to be accessed and shared across the business? That is where organisations discover a...

Nova: The Ultimate AI-Powered Martech Solution for Boosting Sales, Marketing...

Erin Lanahan • 19th November 2024

Discover how Nova, the AI-powered engine behind Launched, revolutionises Martech by automating sales and marketing tasks, enhancing personalisation, and delivering unmatched ROI. With advanced intent data integration, revenue attribution, and real-time insights, Nova empowers businesses to scale, streamline operations, and outperform competitors like 6Sense and 11x.ai. Experience the future of Martech with Nova’s transformative AI...

How E-commerce Marketers Can Win Black Friday

Sue Azari • 11th November 2024

As new global eCommerce players expand their influence across both European and US markets, traditional brands are navigating a rapidly shifting landscape. These fast-growing Asian platforms have gained traction by offering ultra-low prices, rapid product turnarounds, heavy investment in paid user acquisition, and leveraging viral social media trends to create demand almost in real-time. This...

Why microgrids are big news

Craig Tropea • 31st October 2024

As the world continues its march towards a greener future, businesses, communities, and individuals alike are all increasingly turning towards renewable energy sources to power their operations. What is most interesting, though, is how many of them are taking the pro-active position of researching, selecting, and implementing their preferred solutions without the assistance of traditional...

Is automation the silver bullet for customer retention?

Carter Busse • 22nd October 2024

CX innovation has accelerated rapidly since 2020, as business and consumer expectations evolved dramatically during the Covid-19 pandemic. Now, finding the best way to engage and respond to customers has become a top business priority and a key business challenge. Not only do customers expect the highest standard, but companies are prioritising superb CX to...