Ransomware attacks are becoming more common, but most businesses aren’t prepared for the battle.
We’re currently living through a digital revolution. Entire businesses and industries are being transformed—or, at the very least, changing—as they adopt new technology that allows them to become more efficient and competitive.
This sword has two sides, however. The more you rely on technology, the more you leave your business open to new security threats. You might not realize it, but your company’s digital data are one of your most critical and valuable assets.
What would happen to your business if all your data were lost or held hostage? Would your business survive? Can you afford to pay a ransom? Can you afford to close your business for a few days—or possibly even weeks?
Ransomware attacks are on the rise, yet most businesses are not adequately prepared for the threat. According to Symantec’s 2019 Internet Security Threat Report, enterprise ransomware attacks are up 13%. You need to start taking cybersecurity seriously, if you haven’t already.
What is Ransomware?
Ransomware is a type of malicious software (malware) designed to deny access to your data or systems until a ransom is paid. Hackers will lock (encrypt) your data, making it impossible for you to access it without the correct (encryption) key. At that point, you and your business are at the mercy of the hacker. It is practically impossible to guess an encryption key.
You’re probably asking, “Why would anyone want to hack my business?”
As a lender, you hold valuable data. From borrower financials to Social Security numbers for credit checks, this confidential information is a hacker’s direct target. Private lenders and other small businesses are easier targets because they spend less on security and information technology compared to larger corporations.
Your Vulnerable Points
To understand what you are defending against, you must first understand the battlefield.
What technology does your business use every day to interact with the outside world? Email!
According to Symantec’s 2019 Internet Security Threat Report, the chief ransomware distribution method in 2018 was email. Email is the easiest way for a hacker to attack your business because it is a direct line to your employees. One wrong click on an attachment or link can compromise your business.
Another part of the battlefield is your network. Your network (wireless or wired) is how electronic data are sent between your employees, devices and the internet. Once malicious software is inside your network, it can spread to other computers and devices.
Mounting a Strategic Defense
You can think of cybersecurity as several layers. Here are some “layers” of defense to protect you and your business from ransomware and other cyberthreats.
- Back up your data // And back up your backups. Store your backups in multiple locations (e.g., with a third party, in your pocket or in your home). Having backups completely segregated from your network is essential. It gives you an alternative avenue to restore your systems and information in the event your digital data are compromised. If you store your backups in the same network/system you use in your day-to-day business, the backups can be ransomed as well. Storing your backups in multiple locations allows you to always have access to your data in the event of a security incident.
- Network // You’ve probably heard of the term “firewall.” It does not refer to a literal wall of fire, but it is a network security monitoring system that controls all incoming and outgoing network traffic. A firewall is basically a security guard for your network. A well-configured firewall will help block malicious emails, links, documents, attachments and so on from even entering your internal network. Protect your Wi-Fi access points. Separate your guest network from your main network. That could mean having a separate Wi-Fi for your guests and another Wi-Fi for your employees. Don’t let outside devices connect to your main company network.
- Anti-malware and anti-virus // Stop the malicious links and attachments from even reaching your inbox by installing anti-malware and anti-spam mechanisms on your Office 365 or other third-party email provider. Finally, the last layer you need to protect is the end device—your computer. Installing an anti-malware and anti-virus service on all company devices can help catch malware that falls through the cracks.
- Stay up to date // Update everything. Software companies do not release updates just for fun. They release updates to fix bugs and security issues. Installing the updates is the easiest way to protect your systems. Hackers will exploit known security holes because it is easy and documented. Don’t give them that chance.
- Educate your employees // You can take all the recommended measures for securing your network and business, but you are only as strong as your weakest teammate. You’ve probably accidentally clicked a bad link or opened an attachment from an unknown sender. It is extremely difficult to plan for human error. All you can do is arm your team with the knowledge and skepticism the digital world demands. Train your team. Teach them about phishing and other social engineering tricks. Educate them on best practices and how to spot fake emails. Take advantage of the vast library of online courses that focus on practical cybersecurity.
- Practice makes perfect // Have you ever simulated a recovery from a ransomware attack? Has your IT team ever simulated recovering your systems and data? Probably not.
Having a well-developed and well-tested business continuity and disaster recovery plan is essential to handling a security incident. This is the playbook your business will follow in the event of an “incident.” Such a plan will clearly define how to restore your business operations quickly and keep your data safe and accessible.
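A restore drill covering the backup and practice layers above, as an added example that is not part of the original article: it checks every backup copy against a SHA-256 manifest recorded at backup time and passes only if at least one copy kept off the day-to-day network is fully intact. The manifest format, the function names, the `offline` flag and the sample folders are assumptions made for this sketch.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash in chunks so large backup files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(source):
    """Relative path -> SHA-256 for every file, recorded at backup time."""
    return {str(p.relative_to(source)): sha256_of(p)
            for p in sorted(source.rglob("*")) if p.is_file()}

def check_copy(copy_root, manifest):
    """List the problems in one backup copy; an empty list means restorable."""
    problems = []
    for rel, expected in manifest.items():
        candidate = copy_root / rel
        if not candidate.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_of(candidate) != expected:
            problems.append(f"altered: {rel}")
    return problems

def restore_drill(copies, manifest):
    """copies: label -> (path, offline). Passes only if a copy kept off the
    day-to-day network (offline=True, an assumed flag) is fully intact."""
    report = {label: check_copy(path, manifest) for label, (path, _) in copies.items()}
    passed = any(offline and not report[label] for label, (_, offline) in copies.items())
    return passed, report

def demo():
    """Constructed sample: the network-share copy is scrambled, the offline one survives."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in ("production", "nas_share", "offline_drive"):
            (root / name).mkdir()
            (root / name / "loans.csv").write_text("id,borrower\n1,constructed sample\n")
        manifest = build_manifest(root / "production")
        (root / "nas_share" / "loans.csv").write_bytes(b"\x00scrambled\x00")
        copies = {"nas_share": (root / "nas_share", False),
                  "offline_drive": (root / "offline_drive", True)}
        return restore_drill(copies, manifest)

if __name__ == "__main__":
    print(demo())
```

Keep the manifest itself with the offline copy, since a manifest stored on the production network can be altered along with the data it describes.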
You have a responsibility to your customers, employees and yourself to protect your business’s digital assets. Cyberthreats will continue to grow. It is not a matter of if an incident will occur, but when. A little bit of prevention can go a long way.