Every year, ransomware attacks cost small and medium-sized businesses thousands of dollars and cause irreparable damage. Unfortunately, most businesses are unprepared for ransomware attacks and they are often devastating. The main issue is that not all cloud accounts are secure, and it doesn’t take much to compromise an unsecured account.
Box explains that ransomware employs asymmetric encryption, which generates different keys to encrypt and decrypt data. This is why businesses end up paying the ransom requested by the criminals. It’s nearly impossible for businesses to access their data after a ransomware attack, and paying the ransom seems like the only solution.
If you’re running a business, no matter how small, you’re a target for ransomware attacks. However, there are ways to mitigate the damage from a ransomware attack, and this article will show you how.
1. Use a secure cloud file storage system
Most businesses use cloud-based file storage for important documents, including marketing materials, contracts, web server backups, and images. Cloud storage accounts are convenient, but they need to be configured and managed to be secure.
Here’s how you can ensure your cloud file storage system is secure:
- Choose a reputable, secure company, like Box.
- Make sure your files will be encrypted on the file storage server and in transit.
- Verify that your account security settings are accurate.
- Be restrictive with the links you send to others.
- Create a strong data security policy that restricts and limits access to files and folders.
- Don’t rely on your cloud file storage system as your only backup – create at least one additional backup of your files.
Remember that your file storage account is only as secure as you make it by limiting access and enforcing your company’s security policies. All it takes is one leaked or shared password to compromise your entire account.
2. Have a backup and restore plan
Ultimately, you need a plan for backing up and restoring your data. Having a backup of your data means you can ignore ransomware attacks and start over. You might need to buy a new machine, but you won’t need to pay a ransom or worry about getting your data back.
If you don’t already have a thorough backup and restore plan, now is the perfect time to create one. Ransomware attacks aren’t the only cyberattacks you need to be concerned about. They are, however, one of the most severe. Although, the damage will be significantly less when you’re prepared.
3. Create regular file backups
As a general rule, you should create backups at least once a month, if not once a week. If you alter or create new files daily, you should consider daily backups.
It’s important to have backups in multiple locations (on different devices) as well as retain several older backups just in case you need to restore your files prior to a certain date.
If your files have been infected recently, your recent backups will also be infected. Having older backups means you can restore your data from a point prior to the infection.
4. Keep an offline backup
It’s also important to keep at least one backup offline. For instance, you can create daily backups to a dedicated hard drive and disconnect that hard drive from the internet once it’s complete. When your backup source is connected to the internet, it’s susceptible to attacks.
The problem with ransomware is that once your data is encrypted, you can pretty much guarantee you’ll never get it back. You can’t count on the hacker decrypting your data if you pay the ransom.
Even if the hacker unlocks your data, there’s no guarantee it won’t happen again. The files you regain access to could still be infected. Knowing you’ve already paid once, the hacker might launch another attack.
5. Use secure email
To prevent damage from a ransomware attack, it’s critical to use a secure email provider for your business. Don’t allow anyone to use their personal email address for work since you can’t control the security.
What does email have to do with ransomware attacks? Everything, really. If sensitive information, like login credentials, is sent over email, a hacked email account can compromise all of your business accounts.
Additionally, most ransomware attacks are preceded by emails containing downloadable malware, phishing, and spear-phishing attacks. This is why many businesses use Google for their business email accounts.
Ransomware doesn’t need to be devastating
Now that you know several ways to protect against ransomware, you can implement the solutions that work for your business. Keep in mind that not all attacks can be prevented even with the best security measures in place. However, as long as you have a clean backup, you’ll have the advantage after an attack.