Five good habits to minimize the risk of ransomware


Ransomware might seem like more of an issue for large, well-known companies, but research has shown that there are plenty of reasons for small or medium businesses (SMBs) to be aware of and defend against the problem. With some 35% of SMBs hit by a ransomware attack in 2020, at an average cost of $183k[1], this is a trend that shouldn’t be ignored.

About the author

David Emm is Principal Security Researcher at Kaspersky.

Far from being under the radar, SMBs can find themselves vulnerable because they might treat cybersecurity as a lesser priority when compared with other business issues. However, it is important to be empowered against the threat of attack, especially since many easy-to-follow cybersecurity habits are useful to ensure reliable and secure business processes more widely. And in light of the recent Anti-Ransomware Day, here are some key measures and best practices for businesses:

1. Backups are for life, not just a one-off

Making system backups should be a regular process, and ensuring they are up to date and accessible when needed is vital. Always make fresh backups and, if possible, keep them on devices not connected to the corporate IT network. That will keep the data safe if the entire network is ever compromised. Also ensure you can find and invoke backups quickly in case of an emergency. This is good practice for any number of situations, not just ransomware. Think of it as being able to go back in time to before an incident caused loss or corruption of company data. One big benefit of this approach is that the business can continue running smoothly without the interruption of downtime.
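The habit above has three testable parts: the backup is recent, it has not been altered since it was written, and it can actually be restored. The script below is an added example, not code from the article or from Kaspersky, that checks all three against a constructed backup layout (a directory holding the copied files, a `manifest.sha256` file in `sha256sum` format, and a `created` timestamp file); the 24-hour freshness policy and the file names are assumptions for the illustration.

```python
"""Added example: check that a backup set is fresh, intact and restorable.

Constructed backup format (an assumption, not the article's): a directory
containing the backed-up files, 'manifest.sha256' with one
"<hex digest>  <relative path>" line per file, and a 'created' file holding
the Unix timestamp at which the backup was taken.
"""
import hashlib
import tempfile
import time
from pathlib import Path
from typing import Optional

MAX_AGE_HOURS = 24  # policy assumption: anything older than this is stale


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def write_backup(src_dir: Path, dest_dir: Path, created: Optional[float] = None) -> None:
    """Copy every file under src_dir into dest_dir and record a manifest and timestamp."""
    dest_dir.mkdir(parents=True, exist_ok=True)
    lines = []
    for p in sorted(src_dir.rglob("*")):
        if p.is_file():
            rel = p.relative_to(src_dir)
            target = dest_dir / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(p.read_bytes())
            lines.append(f"{sha256_file(target)}  {rel.as_posix()}")
    (dest_dir / "manifest.sha256").write_text("\n".join(lines) + "\n")
    (dest_dir / "created").write_text(str(time.time() if created is None else created))


def check_backup(backup_dir: Path, now: Optional[float] = None) -> dict:
    """Return findings on freshness, manifest integrity and a scratch-directory test restore."""
    now = time.time() if now is None else now
    result = {"fresh": False, "intact": False, "restorable": False, "errors": []}

    age_hours = (now - float((backup_dir / "created").read_text())) / 3600
    result["fresh"] = age_hours <= MAX_AGE_HOURS
    if not result["fresh"]:
        result["errors"].append(f"backup is {age_hours:.1f}h old")

    manifest = (backup_dir / "manifest.sha256").read_text().splitlines()
    bad = []
    with tempfile.TemporaryDirectory() as scratch:  # stands in for a restore target
        for line in manifest:
            digest, rel = line.split("  ", 1)
            src = backup_dir / rel
            if not src.is_file() or sha256_file(src) != digest:
                bad.append(rel)  # missing, or changed since the manifest was written
                continue
            dst = Path(scratch) / rel
            dst.parent.mkdir(parents=True, exist_ok=True)
            dst.write_bytes(src.read_bytes())
            if sha256_file(dst) != digest:  # restore copy does not match either
                bad.append(rel)
    result["intact"] = not bad and bool(manifest)
    result["restorable"] = result["intact"]  # every manifest entry restored and re-verified
    if bad:
        result["errors"].append(f"corrupt or missing: {sorted(set(bad))}")
    return result


def demo() -> dict:
    """Build constructed sample data, then check a good, a stale and a damaged backup."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "data"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("date,amount\n2021-01-04,1200\n")
        (src / "contracts.txt").write_text("constructed sample contract text\n")

        now = time.time()
        write_backup(src, root / "good", created=now - 3600)
        write_backup(src, root / "stale", created=now - 3 * 24 * 3600)
        write_backup(src, root / "damaged", created=now - 3600)
        # A backup copy that stayed reachable from the network and was overwritten
        # is exactly what the off-network advice guards against; simulate it here.
        (root / "damaged" / "finance" / "ledger.csv").write_bytes(b"\x00" * 32)

        return {name: check_backup(root / name, now=now) for name in ("good", "stale", "damaged")}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings)
```

Run as a scheduled job against the real backup location, the three flags give an SMB a daily yes/no on whether the "go back in time" option actually exists; a stale or non-intact result is the signal to investigate before an incident, not after.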

2. Don’t delay, update today

Making updates when prompted by your operating system can seem like an unnecessary pain – particularly if you’re making great progress on work, or have a list of emails to send. But running an update on your OS or business software can provide critical security updates, as well as features that may just make the work you’re doing easier. Instead of seeing it as wasted time, use it to stretch your legs, rest your eyes, grab a drink, and come back with renewed focus – and most importantly, a secure machine.

3. Keep talking about cybersecurity

Knowledge is power when it comes to being safe online, so make sure you talk to your employees about the variety of cybersecurity threats they might encounter, whether phishing emails, shady websites, or software downloaded from unofficial sources. Make the process relaxed and informal with an ‘ask me anything’ online session accompanied by plenty of imagery and real stories to keep it engaging and relatable. If a more formal approach is needed, consider interactive training and tests to ensure staff remain vigilant, with special attention paid to employees who work with sensitive data, such as those in accountancy, legal, and HR.

4. Play it safe with password protection

Not all passwords are created equal, so make sure you use strong ones to access corporate services and use multi-factor authentication to access remote services. This is particularly important for business services like accountancy, where such precautions can protect data and money against accidental or deliberate actions. Take the example of a lost laptop. Most businesses are prepared for the loss of physical property, but it is only with secure passwords that they can be reassured the data will remain secure should the laptop fall into the wrong hands.

5. Hope for the best, plan for the worst

When data loss occurs for any reason, panic often ensues, with different departments assessing how it will affect them and their teams. Response and crisis communication plans will take the edge off a terrible situation if the worst does happen. See them as a shelter and a stock of supplies laid in against a future storm: they help your business weather it by saving time on decision-making when a response is needed.

What if the worst happens?

Ransomware can affect every business, large and small, but it is important to remember that no matter who is affected, you should never pay the ransom. It might seem like the best and only option at the time, but it won’t guarantee you’ll get your data back. Instead, it will encourage the perpetrators to continue with their activities by showing them that crime does pay.

Indeed, in our global study of 15,000 consumers, only a quarter of those who paid fraudsters got their data back. Instead of giving in to the demands, report the crime to your local law enforcement agency, or look for a decryption tool from a reputable source such as No More Ransom.

When good habits become a seamless part of our day, we reap the benefits with little to no effort. This is particularly important for SMBs, to safeguard themselves from potential cyberattacks and the knock-on effect this can have on day-to-day operations. There is no substitute for staying vigilant and having robust practices in place – your bottom line will thank you in the end.

David Emm

David Emm is Principal Security Researcher at Kaspersky Lab, a provider of security and threat management solutions. He has been with Kaspersky Lab since 2004 and is a member of the company’s Global Research and Analysis Team. He has over 11 years of working experience.