Ransomware is a serious risk to businesses in Australia. In the first half of 2020, there were 33 ransomware attacks recorded in the country, up from only 13 in the second half of 2019.
This is something you and your business certainly need to be aware of, but how can you be sure that you are protected against ransomware? Take a look at our checklist and help shore up your business’s digital security.
Ransomware defence checklist
Up-to-date hardware and software
Cyber crime is advancing at a fast pace, and you need to make sure your systems are keeping up with developments in the field. Older systems may have become out of date and may, as a result, be prime targets for hackers and cyber criminals.
Make sure you are not using outdated hardware that is no longer supported by security solution providers. Ensure that your software is regularly updated and that you stay on top of any security patches that may be released by the developer. This kind of proactive attitude is crucial if you are to keep your business protected.
Appraised, assessed anti-virus solutions
Many users protect their systems by putting an anti-virus solution in place and allowing it to do its work unchecked. This is a risky strategy, as even the best anti-viral solutions may become antiquated over time, and your needs may have outgrown the scope of a solution that used to work for you.
For enterprise users, this is of particular concern. You need to ensure that your anti-virus solution is in adherence with regulation and legislation in your field and includes automated threat detection that works to keep your system and your business safe.
Email attachment safety
With the increase in working from home, there has been a resurgence in the delivery of ransomware via phishing emails. Verify that that your email filter signatures are being updated daily and that attachments with known exploits are being stripped out and suspicious emails blocked. Instruct your users that unless they recognise the sender, they should never open any attachment, nor click on a link within an email. Spam filters on your email server/service that also allow users to mark unwanted messages as spam are a good investment.
Data backups
While preventing a ransomware attack should be your primary aim, you also need a strategy in place in case this is insufficient. If you do experience data theft, you need to make sure that you can achieve seamless business continuity. This is where data backups come into play.
Secure cloud architecture allows you to redeploy data and applications without delay in the event of a breach. This architecture is also wholly independent from your business systems, so it should remain impervious to the initial ransomware attack.
Where possible, back up each dataset three times, preferably across different storage mediums, with one dataset backed up offsite.
Encrypted storage
All of the information you store — including backed-up data — should be encrypted. Use 256-bit AES as a minimum standard to make sure your stored data is not vulnerable to attack.
Penetration testing
White-hat hacking is very useful to businesses, as this allows them to properly assess how their anti-ransomware policies and solutions measure up. Perform simulated attacks to get better insight into your defences.
Training and education for all staff members
Make sure all of your staff members are fully trained and educated on the threat of ransomware and are engaged in the fight against it. Everyone should recognise their rights and responsibilities as an employee — including the right to work in a safe and secure environment and the responsibility to do their part to ensure this safety and security.
Training needs to be ongoing — built into the very core of what your organisation is all about. In this sense, ransomware becomes a key part of your business culture and identity. Put policies in place for onboarding and offboarding staff members and implement clearly defined rules that govern necessary elements of work, such as remote operation and bring-your-own-device initiatives.
Protect your business against ransomware
Make sure your business is protected against ransomware. Reach out today to discover how our Managed Cyber Security Services can benefit you.
