Ransomware: Why your business should protect itself
Posted: Fri 19th Aug 2022
Last week, the National Cyber Security Centre for Ireland (NCSC) wrote to the Small Firms Association (SFA) to highlight the increased trend in ransomware attacks on Irish SMEs.
Here, Enterprise Nation adviser Fabio Cerullo, founder of Cycubix, explains what ransomware is, the damage it can do, and the measures companies should take to protect themselves.
What is ransomware?
A ransomware attack is when your digital device has been infected by malware which encrypts the files on your device and refuses you access to them.
How will you know if this has happened to you? You're likely left with a screen telling you that you've been a victim of ransomware, and you'll only get your files back once you deposit some kind of cryptocurrency into a bank account.
Fabio says:
"At that point, you have two options – restore from the backup if you have one, or, if you don't have a backup, lose your data and start from scratch."
Well, there is a third option. You can pay up to get your files returned. But Fabio does not recommend this unless you absolutely have to.
"You're just funding them for this to become a bigger issue. The funds they receive, they will only use to help spread more malware, so in a way you are contributing to crime.
"I know in some organisations they are caught between a rock and a hard place; they don't have a backup and they have highly sensitive information in those files. The only way to recover the files is to pay the ransom. But the official response should be 'never pay'."
Protecting yourself
When it comes to protecting your devices from bad actors, if you're investing in antivirus protection for your device, Fabio recommends investing in an EDR (endpoint detection and response) solution.
"The reason I’m suggesting this is ransomware acts in very funny way. This latest antivirus will detect when something is starting to act strangely on your laptop, and it will try to block it. You need an antivirus that is clever enough to detect ransomware.
"If you have the latest edition of Windows on your devices, now Windows comes with an antivirus so just make sure that it's up to date. There is a myriad of products out there but if you have Windows, you will have the EDR solution you need.
Fabio has other recommendations too.
"Make sure you're updating your system regularly – it’s called patching. So, when you get the pop-up that says you need to update your machine, don't click dismiss. And make sure you have a backup – make backups regularly."
At least with a backup, if your machine is hit and you can’t access encrypted files, you'll have a version of your data that's almost up to date.
Where's your backup?
You should never keep your backup on the same device. If you're hit with a ransomware issue, the last thing you need is for your backup to be encrypted too.
Get used to using an external hard drive, and plug it out after every backup you do. You can do this every week or every month depending on how much data your company generates.
Fabio explains:
"For corporate networks, this gets a bit trickier because they will need to have their backup storage connected in the network. Only have your backup connected to the network at certain times – maybe only between 7pm and 8pm every day – before disconnecting again."
Team training
There's little point in companies putting in all the efforts to make sure their data is safe, and devices secure, if they don't deal with the biggest factor involved in a ransomware attack – human error. Before malware can infiltrate your system, someone has to click on the 'infected' link.
Educating your team regularly is paramount. The more sophisticated these bad actors become, the more awareness people within the company need about what these threats might look like.
Fabio suggests:
"Showing them some examples is always a good idea. Maybe they have never seen what ransomware looks like or what it can do, so show them.
"It's important that the moment they see something suspicious happening with their device, they know to report it as soon as possible to IT, the security team or even the boss. It needs to be reported to someone, because with ransomware the longer it takes to report it, the worse it gets.
"Don't just shut the device down, go for a coffee and hope it disappears by the time you come back! Report it ASAP. Think before you click."
Enterprise Nation is working with Microsoft, Klarna and Vodafone to support 20,000 small businesses across Ireland to improve their digital skills.