“I’m reading a lot about companies getting locked out of information and asked to pay a ransom. What can I do about this, and what should I do if this happens to me?”
Recent ransomware attacks illustrate the prevalence and dangers of cybercrime. Ransomware is a type of malware often transmitted by email. It encrypts the files of infected devices, allowing users to unlock their devices only upon payment of untraceable electronic currency. What’s more, a user usually has a limited window of time to pay; otherwise, the malware permanently deletes all files on the device.
There are several steps you can take to avoid a ransomware attack:
- Create comprehensive data security policies and procedures.
  - Install all updates and turn on automatic updates.
  - Back up data daily and use offsite storage.
  - Push software patches to devices upon receipt.
  - Depending on the nature of your business, you may have a legal obligation to adequately protect your data.
- Train employees.
  - Employees are often the first and only line of defense against ransomware.
  - Train employees on how to detect risks and attacks.
  - Never click on unfamiliar links or files.
  - Periodically review security policies and procedures with all employees.
Even with a data security plan, an attack can still occur. If your device becomes infected, cybersecurity experts say not to pay the ransom because paying encourages the perpetrator’s conduct and there is no guarantee your files will be unlocked. In fact, one report found that one in four victims who paid the ransom never had their data returned. Moreover, if you have properly prepared for the attack, you will likely be able to minimize the damage by restoring your data from an earlier backup.
According to Symantec, about one in 40 small businesses will fall victim to a cybercrime in 2017. Large businesses have about a one in two chance. Both numbers will likely continue to increase. The best thing you can do is prepare. The worst thing you can do is wait.