The Ransomware Checklist: Are You Prepared?

October 31st, 2017
The Ransomware Checklist: Are You Prepared?

Ransomware is nothing new, but the last couple of years have seen an especially unprecedented rise in its proliferation. Even multinational companies with services in Orange County were attacked, as evidenced by the Petya infection at the APM Terminal.

Many small businesses are left wondering how they can possibly survive the onslaught of this latest disturbing trend. As always, the best offense is a good defense, and that means taking a proactive approach to make sure such threats never make it past your firewall in the first place.

#1. Your Data is Backed Up

You should keep up-to-date backups of your files for a multitude of reasons. However, when it comes to protecting yourself against ransomware, backups are your most powerful line of defense, provided they’re stored off-premises rather than on your own networked computers.

Eliminating ransomware requires wiping infected machines, hence the necessity to have a backup handy. For best results, you should use a cloud-based backup service that operates independently of your network.

#2. Your Team is Trained in IT Best Practices

Like many cyberthreats, most ransomware attacks start with an email phishing scam, whereby criminals use social engineering tactics to build trust and dupe victims into downloading malicious software.

However, armed with knowledge and experience, most phishing scams should be obvious. That’s why there’s no substitute for training your team and actively raising awareness to the problem. That way, you’ll be able to create a culture of accountability and have staff report potential threats right away.

#3. Your Software is Up to Date

When the WannaCry ransomware hit the headlines back in May, over 90% of infected machines were running Windows XP. No longer supported by Microsoft, the now long-deprecated operating system is inherently vulnerable, since there are no longer any security patches being released for it.

This now infamous WannaCry attack was a perfect example of why businesses need to keep all operating systems, firmware and other software up to date with the latest security patches.

#4. Your Network is Well Protected

So called “perimeter defenses” are about far more than just running antivirus software on your desktops and servers. In fact, antivirus is just one component in what should be a multi-layered and proactive approach to cybersecurity.

Your first line of defense, for example, should be round-the-clock monitoring of all incoming and outgoing network traffic, backed up by automated alerts whenever a suspicious activity is detected. Other layers of security include a firewall and an intrusion prevention system that prevent threats from making their way from the internet to your business’s data.

#5. Your computers and mobile devices are locked down

Relying on antivirus alone to protect all your endpoints, such as desktop devices and smartphones, is not enough by itself.

With bring-your-own-device (BYOD) policies becoming increasingly popular in the workplace, organizations are under increasing pressure to adopt innovative measures to maintain control and accessibility over their IT resources. That means enforcing a strict password policy, using login systems that require multiple approaches (fingerprints or physical tokens), and blacklisting vulnerable apps and devices.

If the Worst Happens, Don’t Pay the Ransom

No matter how rock solid your cybersecurity strategy might be, there’s no such thing as a system that’s 100% immune to hackers.

If, despite your best efforts, your business still falls victim to a ransomware attack, you should always have a contingency plan to fall back on, such as the off-premises backups we mentioned earlier. Many victims, in desperation to regain access to their data, are tempted to pay the ransom, even though there’s no guarantee of it working anyway.

Ransomware is just one of many threats that modern businesses face, and it isn’t going to disappear any time soon. That’s why you need to prepare your business with proactive monitoring and a disaster recovery strategy. Here at OC-IT, we provide the full range of IT services to Orange County small businesses so they can confidently secure their assets and drive our community forward. Contact us today to learn more about our trustworthy solutions.