Business owners need only scan the headlines to learn the financial and operational dangers of a ransomware attack. Earlier this month, between 800 and 1,500 businesses, most of them smaller concerns like accountants’ and dentists’ offices, were hit by ransomware delivered through remote-management software from U.S. information technology firm Kaseya.
Protecting your organization against ransomware starts with adopting a cybersecurity framework, observes Pargman. To that end, the National Institute of Standards and Technology (NIST) offers businesses a quick-start guide to its Cybersecurity Framework, with tips and tactics for improved risk management. The framework is organized around five core functions: identify, protect, detect, respond and recover.
In practice, companies should inventory and classify their critical business processes and applications, then back those assets up regularly to cloud storage or physical disks. Saving data is not enough. Businesses must also test their backups by actually restoring from them, so that a worst-case scenario is not the first time anyone discovers a backup is incomplete or unreadable.
“Keep more than one copy of your backups,” said Pargman. “At least one should be offline and not accessible on the network.”
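The restore test described above, as an added example that is not part of the original article or from either expert quoted in it. The script builds a backup archive of a small directory, records a SHA-256 manifest of the live files, restores the archive into a scratch directory and compares every restored file against the manifest. The sample files, directory names and the idea of a "stale" backup are all constructed for the illustration; the approach is ordinary standard-library Python and assumes nothing about a particular backup product.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash a file in chunks so large backups do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file under root (relative path, POSIX separators) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(source_dir, archive_path):
    """Archive every file under source_dir and return the manifest taken at backup time."""
    source_dir = Path(source_dir)
    manifest = build_manifest(source_dir)
    with tarfile.open(archive_path, "w:gz") as tar:
        for rel in manifest:
            tar.add(source_dir / rel, arcname=rel)
    return manifest


def verify_backup(archive_path, manifest):
    """Restore into a throwaway directory and check the restored files against the manifest.

    A backup that cannot be restored, or whose contents differ from what the business
    believes it saved, is not a backup. Returns which files are missing or mismatched.
    """
    with tempfile.TemporaryDirectory() as restore_dir:
        with tarfile.open(archive_path, "r:gz") as tar:
            if hasattr(tarfile, "data_filter"):       # Python 3.12+: refuse path-traversal entries
                tar.extractall(restore_dir, filter="data")
            else:
                tar.extractall(restore_dir)
        restored = build_manifest(restore_dir)
    missing = sorted(set(manifest) - set(restored))
    mismatched = sorted(k for k in manifest if k in restored and restored[k] != manifest[k])
    return {"ok": not missing and not mismatched, "missing": missing, "mismatched": mismatched}


def run_demo():
    """Constructed scenario: a good backup passes; a backup that fell behind the live data fails."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "finance"                  # constructed sample data, not real records
        (src / "2023").mkdir(parents=True)
        (src / "2023" / "ledger.csv").write_text("date,amount\n2023-01-01,100\n")
        (src / "clients.txt").write_text("Acme Dental\nSmith & Co Accountants\n")
        archive = Path(work) / "finance.tar.gz"

        manifest = create_backup(src, archive)
        good = verify_backup(archive, manifest)       # restore test of a fresh backup

        # Data changed after the last backup ran; verifying the old archive against the
        # current state shows exactly what a restore would lose.
        (src / "clients.txt").write_text("Acme Dental\n")
        (src / "new.txt").write_text("new client intake form\n")
        stale = verify_backup(archive, build_manifest(src))
        return good, stale


if __name__ == "__main__":
    good, stale = run_demo()
    print("fresh backup:", good)
    print("stale backup:", stale)
```

Run the restore test on a schedule, not once: the point is to catch the day the backup job silently stopped covering a new share or a new database. The offline copy Pargman describes is checked the same way, by restoring it, but it is stored on media that the network cannot reach, so ransomware that encrypts the live backups cannot touch it.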
John Nicholas, a professor of computer information systems at the University of Akron, said smaller entities lacking a robust IT budget or a full-time technical specialist should hire a consulting firm to manage their security remotely.
There are also best practices businesses can employ to protect themselves, such as training staff to beware of phishing emails whose attachments or links deliver malware into the network.
Nicholas said, “If you’re not sure where an email is coming from and it has an attachment, don’t open it. You should also use complicated passwords. NIST recommends a 20-character pass phrase with symbols and letters.”
Regularly updating both the operating system and the applications installed throughout the network is another means of defending against attack, since many ransomware operators break in through flaws for which a patch already exists. Busy executives can enable automatic updates or use software tools that scan devices for known vulnerabilities. Meanwhile, 24/7 monitoring of company logs by a consulting firm can detect anomalies in systems or accounts, such as a burst of failed logins or a sign-in at an unusual hour.
If a cybersecurity event is detected, your enterprise should be prepared to act quickly. Nicholas suggests contacting the FBI immediately, as a ransomware intrusion is a crime that a business owner is likely unprepared to handle alone.
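What "monitoring logs for anomalies in accounts" looks like in practice, as an added example that is not part of the original article or from the experts it quotes. The script runs three simple detection rules over a handful of constructed authentication log lines in a simplified sshd-like format (the lines, host names, user names and IP addresses are all invented for the illustration; the thresholds and business hours are assumptions a real deployment would tune): a burst of failed passwords from one address, a successful login from an address that was just guessing passwords, and a successful login outside business hours.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, simplified sshd-style format; not captured from any real system.
SAMPLE_LOG = """\
2021-07-12 02:14:01 office-srv sshd: Failed password for admin from 203.0.113.9
2021-07-12 02:14:03 office-srv sshd: Failed password for admin from 203.0.113.9
2021-07-12 02:14:05 office-srv sshd: Failed password for admin from 203.0.113.9
2021-07-12 02:14:07 office-srv sshd: Failed password for admin from 203.0.113.9
2021-07-12 02:14:10 office-srv sshd: Failed password for admin from 203.0.113.9
2021-07-12 02:14:20 office-srv sshd: Accepted password for admin from 203.0.113.9
2021-07-12 09:05:44 office-srv sshd: Accepted password for jane from 192.0.2.10
2021-07-12 12:30:02 office-srv sshd: Failed password for jane from 192.0.2.10
2021-07-12 23:41:10 office-srv sshd: Accepted password for jane from 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ sshd: (Failed|Accepted) password for (\S+) from (\S+)$"
)


def parse(lines):
    """Turn log lines into (timestamp, outcome, user, ip) tuples; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def detect_anomalies(lines, fail_threshold=5, window=timedelta(minutes=5), business_hours=(7, 19)):
    """Apply three rules and return a list of alert dicts in the order they fire.

    fail_threshold, window and business_hours are assumed tuning values, not standards.
    """
    alerts = []
    recent_failures = defaultdict(list)   # ip -> timestamps of failures inside the window
    flagged = set()                       # ips already reported for brute force

    for ts, outcome, user, ip in sorted(parse(lines)):
        # Keep only failures that fall within the sliding window for this address.
        recent_failures[ip] = [t for t in recent_failures[ip] if ts - t <= window]

        if outcome == "Failed":
            recent_failures[ip].append(ts)
            if len(recent_failures[ip]) >= fail_threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({"rule": "brute_force", "user": user, "ip": ip, "time": ts})
            continue

        # Success from an address that was guessing passwords moments ago is the
        # strongest signal here: the guessing most likely worked.
        if recent_failures[ip]:
            alerts.append({"rule": "success_after_failures", "user": user, "ip": ip, "time": ts})
        if not (business_hours[0] <= ts.hour < business_hours[1]):
            alerts.append({"rule": "off_hours_login", "user": user, "ip": ip, "time": ts})
    return alerts


def run_demo():
    return detect_anomalies(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_demo():
        print(f"{alert['time']} {alert['rule']:24} user={alert['user']} ip={alert['ip']}")
```

On the sample data the rules fire four times: the fifth failed guess from 203.0.113.9 trips the brute-force rule, the success that follows from the same address trips the success-after-failures rule and, because it happened at 02:14, the off-hours rule, and jane's 23:41 login trips the off-hours rule on its own. A single mid-day failed login from jane's usual address produces nothing, which is the point: the value of monitoring is in the combination of events, and a consulting firm watching the logs around the clock is what turns such an alert into a phone call before the encryption starts.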
Pargman, a former FBI computer scientist, said going solo plays directly into a hacker’s hands.
“Attackers will try to control the narrative and force owners into (the attacker’s) timeline,” said Pargman. “The idea is to convince owners to do things in the criminal’s best interest.”
Paying a ransom is no guarantee that a company’s data will be restored. What’s more, complying with the attackers’ demands doesn’t mean the criminals in question will simply disappear into the night: they keep whatever data they copied, and they know the business pays.
“When I’ve been consulted, I say don’t pay the ransom,” said Nicholas. “When you do that, you’re contributing to the problem, and funding people who will make a more dangerous ransomware variant and come back after you anyway.”
Cyber liability insurance is an option, with some policies covering business interruption expenses as well as the ransom itself. Nicholas doesn’t view insurance as a sustainable model, however, because attacks are only going to ramp up in severity and expense. Ultimately, it’s up to small businesses to recognize ransomware as a genuine threat to their operations.
“It’s cyber warfare at this point — there needs to be ownership buy-in and an ongoing dialogue,” Nicholas said. “You’ve got to have discussions in the company and change the culture, similar to any paradigm shift in business attitudes.”