Ransomware rates exploded in 2020 and predictions indicate it will not slow down in 2021. Indeed, ransomware affects a business every 40 seconds. Some ransoms are even more than $1,000,000. What are you doing to protect your company? Here are protective measures you should be taking against ransomware.
Backups
Backups are an effective strategy to reduce ransomware damages and business disruption.
Use the 3-2-1 backup rule:
■ create 3 copies of your data
■ 2 on different media types
■ 1 copy isolated offsite
Recent ransomware has been effectively attacking backups that are not protected. Importantly, all backups (even cloud drives) should be segregated or isolated from your operating network. Segregating backups protects them from being infected by malware as it spreads through your operating network. All backups connected to the network are vulnerable to malware/hackers. Strong access controls can mitigate the risk of compromise.
Always Update Your Software
Criminals deploy ransomware on your organization through software vulnerabilities on your organization’s network. Make sure your organization has a patch management policy ensuring patches and updates are tested thoroughly and timely rolled out organization wide. Patch management is the timely deployment of security patches designed to address vulnerabilities or mitigate the risk. The most effective method to ensure timely deployment of patches is to enable automatic updates. If there is a business reason why automatic updates are not possible, consider developing a process to timely test, assess, and deploy patches.
Train Your Employees
"Phishing" emails are a common ransomware deployment method. Creating and maintaining a culture of security and phishing awareness is one of the most important action items you can take to protect your company. Employees should never click on an attachment or a link in an email from an unverified sender.
Conducting a live phishing simulation is another great way to train employees to recognize dangerous phishing emails. Phishing simulations help identify those employees susceptible to phishing attacks so additional training can be issued.
Your CyberRisk policy gives you free access to phishing simulation services and numerous employee cybersecurity training courses. Contact CAP Agency to review your CyberRisk policy and make enhancements to your existing coverage.