Ransomware | Small Business Risk | Ohio CPA Firm | Rea CPA

On Your Guard

What’s at risk:
• The average ransom amount in 2016 was $1,077, up from $294 in 2015.
• 463,000 ransomware detections were reported in 2016, an increase of 36 percent.
• The daily rate of antivirus detections for ransomware increased to more than 1,539 a day.
• Ransomware is usually sent to users in the form of spam emails that utilize a range of social engineering tactics to lure recipients into opening them and their attachments.

Cyberattacks on small businesses continue to increase, according to a 2017 internet security threat study conducted by Symantec, a global security and information management company. Furthermore, ransomware now tops the list of most significant threats facing businesses and there are emerging signs indicating that attackers may be developing even more sophisticated attacks, such as targeted ransomware attacks on businesses involving the encryption of multiple machines. Needless to say, you can’t afford to let your guard down.

Fighting Back

Not only are small businesses at an increased risk of being targeted by cybercriminals, but once attacked, their likelihood of survival decreases significantly. That doesn’t mean you shouldn’t fight. There are a variety of great resources out there to help protect your business from a cyberattack.

Notably, government officials recently compiled industry best practices and mitigation strategies focused on preventing and responding to ransomware. In the U.S. government interagency report, How to Protect Your Networks from Ransomware, the following step-by-step tips are highlighted due to their effectiveness.

  1. Educate your staff. Your staff is your first line of defense. Therefore, the first step should always be to remind your employees to stay vigilant and to never click on unsolicited links or open unsolicited attachments in emails.
  2. Take preventative measures. There are quite a few steps you should take to maintain a proactive stance throughout your organization. Here are a few measures we recommend to our clients:
    • Implement a cybersecurity awareness and training program.
    • Prevent phishing emails from reaching the end user by enabling strong spam filters.
    • Scan all incoming and outgoing email.
    • Configure firewalls to manage access.
    • Patch operating systems, software and firmware on all devices.
    • Set anti-virus and anti-malware programs to automatically conduct regular scans.
    • Manage the use of privileged accounts. No user should be assigned administrative access to a file, folder or server unless absolutely necessary.
    • Implement software restriction policies.
  3. Create a continuity plan. While an attack may be bad for business, the time it takes to recover can be absolutely devastating. Minimize your recovery time by implementing and managing a comprehensive business continuity plan. Your plan should include regularly backing up your data, conducting annual penetration tests and vulnerability assessments and properly securing your backups.

Shut It Down

If your business does fall victim to a cyberattack, the following steps will help minimize the damage and shorten recovery time.

  1. Contact your IT team and isolate the infected computer immediately by disconnecting the cable that attaches the workstation to the company network, or by disconnecting the VPN connection if one is being used.
  2. Secure backup data or systems by taking them offline.
  3. Contact law enforcement immediately, including a local field office of the FBI or U.S. Secret Service.
  4. Change security access and passwords, if possible.

Jess Howard Electric, a Rea client in Central Ohio, is proof that a small business can recover from a ransomware attack. By maintaining the proper safety protocols and adhering to strict policy and procedure, the company has successfully recovered from two attacks that could have crippled the business. Read their story here.

By Travis Strong, CISA (Wooster, OH)

Check out episode 88 of unsuitable on Rea Radio to learn more.


This article originally appeared in the summer edition of The Rea Report.