[Image: three worried colleagues cluster around a computer showing a blue error screen while others work in the background. Caption: By the time a ransomware attack happens, it may already be too late to protect your business. Learn the steps your organization should take to prevent attacks. Credit: Getty Images/NoSystem images]

Hackers frequently seek to take advantage of smaller merchants who don’t have the same resources or knowledge as larger enterprises to protect their data. The Ransomware Taskforce estimated that small businesses were the victims of 70% of ransomware attacks in 2021. Unfortunately, these attacks are often successful—and costly.

If you’re worried about ransomware at your business, here are some precautions you can take to deter criminals from encrypting your system.


Make sure your software is up to date

Software providers issue periodic updates that not only keep your programs running well but also include important security patches and upgrades. It’s important to update your security programs—and any other apps and software you use—regularly and promptly.

“Install security software and maintain it with the latest security updates. While this will not protect against zero-day exploits, many ransomware attacks use older versions for which there are security software defenses,” Steven Weisman, a professor at Bentley University, told Digital Guardian.

Many programs will automatically alert you when an update is needed; however, it’s still worthwhile to check on a regular schedule if there are updates available that you may have missed.

Layer security measures

The best approach to reducing the risk of ransomware is to take a layered approach to security. This means using more than one security tool, such as a combination of a firewall, antivirus software, anti-malware software, spam filters, and cloud data loss prevention. Most experts recommend using multiple tools so that if one fails, there are backup protections in place to alert your team of a problem.

Conduct awareness training

“Insider threat” is a term used to describe any action from an employee that compromises the security of an organization’s data and systems. Insider threat most often originates from negligence or human error, but the end result is the same: it’s one of the easiest ways for hackers to initiate a ransomware attack.

“Staff are far from stupid, yet they remain the weakest link in any security system due to a lack of training and awareness,” Lee Munson, Comparitech's Security Researcher, told Digital Guardian. “By educating them about what ransomware is, how it can infect their machines, and what they can do to stop that from happening (by not opening email attachments, being extremely wary of links in emails, etc.) you will drastically improve the most important level of defense within your organization.”


Configure access controls

It’s important to actively manage who can access your information using the principle of least privilege (PoLP). PoLP is considered a best practice for managing your accounts. Essentially, you only give minimal access to files, programs and accounts to those who need it.

For instance, if you’re collaborating as a team on a Google Doc, the only people who should have “edit” access are those who are actively writing the document. Reviewers can be granted “view” or “comment” access. When the document is finalized, all users should have their access revoked.

Identity and access management ensures that only those authorized to view something can view it. It lowers the risk of insider threat and can also prevent hackers from getting too far into your system.

Implement multifactor authentication and strong password requirements

Multifactor authentication, or two-factor authentication, is a method that requires a user to provide more than a single factor, such as a password alone, to access a platform, system or network. The second factor could be a code texted to a separate device or a fingerprint provided in addition to a password, for example.

Multi- and two-factor authentication can prevent someone from gaining access to your system with just one password. In addition to requiring multiple verification methods, make sure your employees are setting strong passwords. The guidelines set forth by the National Institute of Standards and Technology (NIST) say that passwords should:

  • Be a minimum of eight characters but no more than 64 characters.
  • Be allowed (but not required) to contain any special character.
  • Avoid using sequential or repetitive characters (e.g., 1234 or aaaa).
  • Restrict context-specific passwords, such as the name of the business.
  • Avoid commonly used passwords (e.g., P@ssw0rd).
  • Restrict the use of old passwords to avoid using credentials that may have been exposed in a data breach.

You may wish to add a password manager tool in order to help your employees keep their accounts secure.
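As an added example (not from the article or from NIST), the following PowerShell function applies the rules in the list above to candidate passwords; the common-password list, the business-name list and the sample passwords are constructed for illustration, and in practice the common-password list would be loaded from a breach-derived wordlist.

```powershell
# Added example: check a password against the NIST-style rules listed above.
# $CommonPasswords and $ContextWords are short constructed samples.
$CommonPasswords = @('password', 'p@ssw0rd', 'qwerty123', 'letmein', 'welcome1')
$ContextWords    = @('acme', 'acmecorp', 'acmeshop')   # constructed business names

function Test-PasswordPolicy {
    param([string]$Password, [string[]]$PreviousPasswords = @())
    $problems = @()
    $lower = $Password.ToLowerInvariant()

    if ($Password.Length -lt 8 -or $Password.Length -gt 64) {
        $problems += 'length must be 8 to 64 characters'
    }
    # Repetitive: the same character four or more times in a row ("aaaa").
    if ($Password -match '(.)\1{3}') { $problems += 'repeated characters' }
    # Sequential: four or more characters that each follow the previous one ("1234", "abcd").
    $run = 1
    for ($i = 1; $i -lt $Password.Length; $i++) {
        if (([int][char]$Password[$i] - [int][char]$Password[$i - 1]) -eq 1) {
            $run++
            if ($run -ge 4) { $problems += 'sequential characters'; break }
        } else { $run = 1 }
    }
    if ($CommonPasswords -contains $lower) { $problems += 'commonly used password' }
    foreach ($word in $ContextWords) {
        if ($lower.Contains($word)) { $problems += "contains business name '$word'" }
    }
    if ($PreviousPasswords -contains $Password) { $problems += 'previously used password' }

    [pscustomobject]@{
        Password = $Password
        Accepted = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

# Constructed sample passwords: one common, one good passphrase, one with the
# business name, one with a sequential run.
'P@ssw0rd', 'correct horse battery staple', 'AcmeShop2024!', 'xq7#Lm1234' |
    ForEach-Object { Test-PasswordPolicy -Password $_ } | Format-Table -AutoSize
```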


Back up everything

If your system does get compromised, you can avoid having to pay a ransom by backing everything up regularly—as regularly as every day, if possible. Store a copy of your system on an external hard drive that’s kept offline and can’t be accessed by anyone but your trusted team.

“One of the most important defenses against ransomware is to have a robust backup strategy in place that includes off-site storage and regular testing of images and other saved data to ensure their integrity,” added Munson.

Maintain a regular backup schedule, too. Set aside time at the end of each week, at the least, to save data to an external device.

Set up strong spam filters

Reduce the risk of phishing by adding strong spam filters to your email and other messaging services.

“Enable strong spam filters to prevent phishing emails (an attempt to obtain sensitive information electronically) from reaching employees and authenticate inbound email using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent email spoofing,” recommends the Small Business Administration.

This reduces the risk of your employees falling for a scam and inadvertently introducing malware into your system.
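The SPF and DMARC records the Small Business Administration mentions only stop spoofing of your own domain if they are actually enforcing. As an added example (not from the article or the SBA), this PowerShell function resolves a domain's SPF and DMARC records and reports the weak settings a practitioner would look for; it assumes a Windows host with Resolve-DnsName, and example.com is a placeholder for your own domain. DKIM is not checked because its selector names are not discoverable from DNS alone.

```powershell
# Added example: audit a domain's SPF and DMARC records for enforcement gaps.
function Get-TxtRecord([string]$Name) {
    # Join multi-string TXT records into one string per record.
    Resolve-DnsName -Name $Name -Type TXT -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'TXT' } |
        ForEach-Object { $_.Strings -join '' }
}

function Test-EmailAuth([string]$Domain) {
    $findings = @()

    $spf = @(Get-TxtRecord $Domain | Where-Object { $_ -like 'v=spf1*' })
    if ($spf.Count -eq 0) {
        $findings += 'SPF: no v=spf1 record; anyone can send mail as this domain.'
    } elseif ($spf.Count -gt 1) {
        $findings += 'SPF: multiple v=spf1 records; receivers treat this as a permanent error.'
    } elseif ($spf[0] -notmatch '(^|\s)-all\s*$') {
        # "~all", "?all" or "+all" tells receivers to accept or merely flag failures.
        $findings += "SPF: record does not end in -all ($($spf[0])); use -all once every legitimate sender is listed."
    }

    $dmarc = @(Get-TxtRecord "_dmarc.$Domain" | Where-Object { $_ -like 'v=DMARC1*' })
    if ($dmarc.Count -eq 0) {
        $findings += 'DMARC: no record; receivers cannot act on SPF/DKIM failures.'
    } else {
        # Parse "tag=value" pairs separated by semicolons into a hashtable.
        $tags = @{}
        foreach ($part in ($dmarc[0] -split ';')) {
            $kv = $part.Trim() -split '=', 2
            if ($kv.Count -eq 2) { $tags[$kv[0].Trim()] = $kv[1].Trim() }
        }
        if ($tags['p'] -notin @('quarantine', 'reject')) {
            $findings += "DMARC: p=$($tags['p']) only monitors; move to quarantine, then reject."
        }
        if ($tags['pct'] -and [int]$tags['pct'] -lt 100) {
            $findings += "DMARC: pct=$($tags['pct']) applies the policy to only part of the mail."
        }
        if (-not $tags['rua']) {
            $findings += 'DMARC: no rua= address, so you receive no aggregate reports.'
        }
    }
    if ($findings.Count -eq 0) { $findings = @('SPF and DMARC look enforced.') }
    return $findings
}

Test-EmailAuth 'example.com'   # placeholder: replace with your own domain
```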

Understand the ancillary threats

Ransomware is often linked to other cyberattacks, according to the Cybersecurity & Infrastructure Security Agency (CISA).

“A ransomware infection may be evidence of a previous, unresolved network compromise. For example, many ransomware infections are the result of existing malware infections, such as TrickBot, Dridex, or Emotet,” wrote CISA. “In some cases, ransomware deployment is just the last step in a network compromise and is dropped as a way to obfuscate previous post-compromise activities.”

CISA recommends using a centrally managed antivirus solution as part of your layered security approach. This type of software can help identify whether something malevolent is already accessing your system before the attackers lock everything down in a ransomware attack. Likewise, provide training to your team—not only on ransomware, but on threats like phishing and malware, too.

Set up application whitelisting

Application whitelisting, sometimes known as allowlisting, is a security measure that only allows trusted files, applications, and processes to be run. “Allowlisting identifies known files, applications, or processes and allows them to execute,” wrote VMware. “Conversely, unknown activities are blocked or restricted, which prevents them from opening up and spreading within a system or environment in an attack mode.”

Application whitelisting is recommended by CISA as a way to ensure that unauthorized software — such as software that could deliver ransomware or malware — is prevented from executing. While blacklisting prevents undesirable programs from running, whitelisting only allows a program that has been explicitly permitted to run. CISA advises using an application directory allowlisting program such as Microsoft Software Restriction Policy or AppLocker to make this process as easy as possible.
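As an added example (not from the article or from CISA), the PowerShell below builds an AppLocker allowlist from the software already installed on a machine, deploys it in audit-only mode so that nothing is blocked yet, and then shows how to dry-run candidate files and review what would have been blocked before switching to enforcement. It assumes a Windows edition with AppLocker support, administrator rights, and the report path C:\AppLocker, which is an assumed location for this example.

```powershell
# Added example: AppLocker allowlist from installed software, audit mode first.
Import-Module AppLocker

# The Application Identity service must be running for AppLocker to evaluate files.
Set-Service -Name AppIDSvc -StartupType Automatic
Start-Service -Name AppIDSvc

# Inventory executables, scripts and installers in the standard install paths.
$roots = 'C:\Program Files', 'C:\Program Files (x86)', 'C:\Windows'
$files = foreach ($root in $roots) {
    Get-AppLockerFileInformation -Directory $root -Recurse `
        -FileType Exe, Script, WindowsInstaller -ErrorAction SilentlyContinue
}

# Prefer publisher (signature) rules; fall back to hash rules for unsigned files.
# -Optimize collapses files from the same publisher into a single rule.
$policy = $files | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize

# Start in AuditOnly: nothing is blocked, but every would-be block is logged.
foreach ($collection in $policy.RuleCollections) {
    $collection.EnforcementMode = 'AuditOnly'
}
New-Item -ItemType Directory -Path 'C:\AppLocker' -Force | Out-Null   # assumed path
$policy.ToXml() | Out-File 'C:\AppLocker\allowlist-audit.xml' -Encoding utf8
Set-AppLockerPolicy -PolicyObject $policy

# Dry-run candidate binaries (here, recent downloads) against the policy.
$candidates = Get-ChildItem "$env:USERPROFILE\Downloads" -Filter *.exe |
    Select-Object -ExpandProperty FullName
if ($candidates) {
    Test-AppLockerPolicy -PolicyObject $policy -Path $candidates -User Everyone |
        Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
}

# After running in audit mode for a while, event 8003 lists what would have been
# blocked. Add rules for legitimate software, then set EnforcementMode to 'Enabled'.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-List
```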

Verify email senders

Phishing, one of the most common ways to deliver ransomware, is becoming incredibly sophisticated. In one type of phishing attack, a hacker will pose as a customer, vendor, employee, or another familiar party and target the company with a malicious email. The email may contain a link or attachment through which the ransomware will execute once opened.

One survey estimated that 54% of ransomware attacks were initiated from a spam or phishing email. Pay careful attention to the senders’ email addresses arriving in your inbox.

“If you are unsure whether or not an email is legitimate, try to verify the email’s legitimacy by contacting the sender directly,” wrote CISA. “Do not click on any links in the email. If possible, use a previous (legitimate) email to ensure the contact information you have for the sender is authentic before you contact them.”

Sign up for regular threat reports

There are tons of resources out there to help you stay informed about emerging and evolving cybersecurity threats. The Anti-Phishing Working Group website provides regular information about phishing attacks. You can also subscribe to CISA product notifications — regular emails that will alert you to new activities, threats, and tips produced by the government in response to the threat landscape.

CO— aims to bring you inspiration from leading respected experts. However, before making any business decision, you should consult a professional who can advise you based on your individual situation.