Have you been scared of ransomware? 6 things you can do to protect your business
Editor’s Note: Martin Morgan is Marketing Director at WingSwept.
GARNER – The recent massive global ransomware attack has affected more than 1,000 businesses around the world and could cost tens of millions of dollars. The extent of the damage he caused is still unknown.
For small and medium-sized businesses in the Triangle, this is the latest red flag in what is becoming a long list of high-profile cyber attacks. Here are six things SMBs should do now to protect and prepare their business for future attacks:
1. Understand where your risks are. The ransomware is coming. Hackers may have already attempted to compromise your business through phishing emails or other attack vectors. Regardless of the size of your business, telling yourself that you will not be a target is no longer plausible. Who and what has access to your network and your data? Consider employees, vendors, systems and software. Document all the people and things that have access to them, then reconsider whether they need the level of access they have. Apply the principle of least privilege. Make sure your users have received training on how to avoid phishing attacks.
2. Take an inventory of all the places where you store data. Where are your most sensitive data stored? If you had to do that, could you close access to it? Document where all your data is stored, then categorize it by sensitivity so that should you fall victim to an attack, you can take steps to shut off access to your most sensitive data first. Make sure your data is backed up. Consider implementing the 3-2-1 backup rule: three copies of your data on two different systems with one copy stored offline.
3. Make physical copies of phone trees and important contact information. If you suddenly lost access to all your files, would you be able to reach the people you need to contact immediately? Document their contact details and print them out.
4. Use a next-generation antivirus tool. The next generation antivirus uses machine learning and artificial intelligence. Look in your current antivirus tool. If it’s not considered the next generation, move on to the one that is.
5. Extend your security. Don’t just stop at antivirus. Modern security requires defense in depth. Each layer gives you a chance to protect your most important data. Use multi-factor authentication. Use a firewall and DNS security level. Create or update your password policy to be more stringent. Train your employees. Use network threat detection and security information and event management (SIEM) tools. Don’t forget about physical security.
6. Exercise due diligence with any potential technology vendor. Go through the verification process as much as you would with a banker or other mission critical supplier. Ask them about the software they are using, any recent compromises they may have had, and recent vulnerabilities discovered. Think twice before putting an exclusion in your antivirus to run software.
If a vendor tells you that you need to put an exclusion in your antivirus to run their software, then you should find another vendor.
As a small or medium-sized business, it can be easy to get overwhelmed by the many things you are told to do to protect your organization from cyber attacks. By following the six tips included here, you can build a solid foundation of safety and preparedness that will serve you well now and inspire you in the future.
WingSwept is a B2B technology services company headquartered in Garner, NC, with an additional office in Chantilly, Virginia. Visit www.wingswept.com for more information.