The cost of ransomware passed $7.5 billion in 2019. Businesses of all sizes are targets and executives across all industries are trying to answer one question: How do I make sure my business never pays a ransom for our data? In this piece, we’ll cover some of the steps every CEO should take to ensure their business has comprehensive ransomware protection.
1. Get a Ransomware and Security Audit
Any one of dozens of service providers can audit your business. Their services might range from penetration testing to vulnerability risk assessments and more. Consider working with an outside expert that helps you identify vulnerabilities your team might not be aware of. You might have bigger blind spots than you realize.
2. Get Cyber-Security Insurance
Major insurance carriers now offer affordable cybersecurity policies. Like other forms of insurance, cybersecurity insurance will cover your business if you lose data due to a breach or ransomware. In some cases, these policies will even pay out ransoms if your data becomes inaccessible. Note that paying criminals should be your absolute worst-case scenario. Sadly, however, some organizations such as the city of Riviera Beach, Florida, have felt that they have no choice but to pay. Insurance may be a last resort, but it’s still wise to consider which policies can protect you if all else fails.
3. Develop a Data Protection Strategy
If you had your company audited by an outside firm (step one), you should now have a detailed list of security issues you can address. For many businesses, it might be as simple as upgrading to newer and more sophisticated firewall, spam, antivirus, and backup solutions. For others, it could instigate a complex process involving a network infrastructure overhaul, new hardware, and more. If you and your team aren’t sure how best to proceed, consider working with an IT managed service provider who can do all of the heavy lifting. Companies like these can also offer ongoing support and maintenance for your crucial systems.
4. Educate End-Users
The most iron-clad software and hardware is of no help if an employee is careless. Part of your strategy should include a plan for helping your users spot and avoid ransomware. Many businesses hold mandatory quarterly security seminars where admins help employees understand various types of cyber-attack. Your agenda should cover everything from ransomware to phishing to the growing threats from social engineering scams.
5. Develop a Backup and Disaster Recovery Plan
Most businesses have data backups, but few have a plan for restoring data should something go wrong. Be sure your team has established recovery objectives. That helps your business determine how quickly systems must go back online if there’s an issue (RTO or recovery time objectives). It also establishes how much data your business can stand to lose if there’s a hardware failure, ransomware, or other issue (RPO or recovery point objectives). These metrics help your team develop a strategy that keeps downtime and data loss costs to a minimum.
6. Test Your People and Systems
While you’ve already conducted one security audit, it’s wise to consider regular testing once your network is in tip-top shape. This includes network vulnerability testing, testing backups, as well as testing employees—people are often the weak link in the security chain. That’s why some businesses formulate strategies for testing employees. That could include sending fake phishing emails or even hiring businesses to conduct mock social engineering scams. Whatever the case, testing should be a regular part of your security strategy.
Investing in a ransomware strategy isn’t just a practical decision, it’s an essential one. While insurance can help if the worst happens, what happens to your reputation? What would your clients and prospects think? Rather than become a victim take proactive measures now so you never end up being held up by criminals.
Businesses of all sizes depend on StorageCraft backups to safeguard data. If ransomware happens to lock up a server you count on, it’s easy to restore a clean backup from before the attack. Chat with one of our sales engineers to see how StorageCraft can benefit your business.