Ransomware can have a severe impact on your business. From causing your operations to grind to a halt, affecting revenue, and reducing company credibility, to lost data and possibly high extortion fees to decrypt your data, the costs can be drastic overall.
Ransomware attacks computers and network systems through downloads, phishing email links, hacked website pages, & more recently, exploiting vulnerabilities in servers and unsecured ports.
Hackers can get access through remote access connections (RDP), unsecured systems, or stolen/weak passwords.
Although no system or method is 100% effective in eliminating your chances of getting hit with ransomware, the following suggestions will help minimize ransomware risk and protect your business data as best as possible.
How to Minimize Ransomware Risk
1 – Make sure you use and keep anti-virus and anti-malware programs up to date on all of your systems. These can block and/or prevent most malware payloads from launching.
2 – Use caution when opening emails. Unless you’re expecting an attachment from someone, please don’t download or open it. The same goes for zip files and HTML files. Be careful with strange links as well. For example, many phishing emails look like a legit company but are redirecting the links to a malware site. If it’s questionable, always log in directly to the website you’re concerned about rather than using the link in the email.
3 – Keep all your OS and software programs patched with the latest security updates. Software manufacturers send out updates regularly to close any vulnerabilities in all your operating systems, server software, browsers, and plugins/extensions.
4 – Turn off administrative access for any users who don’t need it. Instead, users should be assigned the lowest priorities that allow them to complete their work.
5 – Close any open system ports leading to vulnerabilities like RDP (remote access connections). If you have users that need access to the system remotely, ensure they use protected VPN (virtual private network) links to keep your data encrypted and secure. Turn off any unnecessary network sharing.
Protecting Your Business Data
By far (74% in a recent study), having a solid data protection and recovery plan is the most effective solution to minimizing downtime and cost.
6 – Make frequent, comprehensive backups of your systems and files.
7 – Create a plan for your Recovery Point Objective (the most recent data copy you need – i.e., weekly/daily) and your Recovery Time Objective (how quickly your data can be recovered and systems are back online). This plan will help you determine the best data backup and recovery solutions needed for your business.
Recommended minimums: Use a 3, 2, 1 backup plan. Three copies of system data/files, stored in 2 different locations, 1 of which should be offsite. Keeping an offline backup copy inaccessible to the rest of your network, should it become infected, also prevents it from being contaminated. You can never have too many backups!
Learn more about how ClearCom IT protects our clients’ data with our ActiveSupport plans.
Revised from a 2018 post