A simple fact: Just because you won't be hit with multi-million dollar demands that make headlines doesn't mean a ransomware extortion attack won't cost you weeks of work and tens of thousands of dollars of blackmail money. Look at what's already happened. Webroot also reports that of those businesses already attacked, 64% suffered some downtime and 45% were knocked offline long enough that their very business was threatened. And the cost of that downtime came to $141,000. (In 2020, it was only $47,000.) That's not even counting the average ransom request of almost $6,000. Can your business survive that? Mine couldn't. Adding insult to injury, a recent survey of security professionals by Cybereason found that nearly half of the respondents felt they didn't have the right tools to fight back—and they're particularly unprepared for attacks over the holidays. Who wants to come back after Thanksgiving and find their PCs and servers locked up with a ransomware demand popping onto the screen? I could preach about the need to deploy in-depth ransomware protection, but you're not going to be able buy and set up a solid security system between now and the end of the year. What you can do, though, is start practicing some security basics that should see you safely through the next few weeks. Before getting into some specifics, let me remind you of something I've always known (and the 2021 Verizon Data Breach Report spelled out in no uncertain terms): 85% of breaches involve a person making a security blunder like opening a phishing message, pretexting, or some other social engineering mistake. When dealing with anyone, you must not only trust but verify that they're who they say they are and that they need the information they're asking you for. If that sounds paranoid, well, as the joke goes, "It's not paranoia if they really are out to get you." And, these days, I'm sorry to say that they really are out to get you. Now moving on to some simple specifics to keep you safe: - Keep your operating system patched and updated to ensure you have fewer vulnerabilities to exploit.
- Don't install software or allow administrative privileges unless you know exactly what it is and what it does.
- Never click on an email, instant message, or groupware—aka Slack or Teams—link, unless you know it's safe.
- Buy easy-to-use, inexpensive endpoint security programs such as Check Point ZoneAlarm Anti-Ransomware or Bitdefender Antivirus Plus.
- Create back ups of at least three or more copies of your data, including one off-site that's not networked with your production environment. Then, make certain that the back ups are good and can be used to restore your systems.
Do all that, and you should make it safely through the holidays and into 2022. Then, keep taking these precautions from now until you sell your business. It's literally the least you can do to keep your company safe from ransomware and most other attacks. |
Comments
Post a Comment