Cybersecurity and Ransomware: Best Business Practices to Remain Safe
By Varun Bodhi
Cybersecurity has always been a contentious issue, but with the recent number of ransomware attacks it has become the focus of all headlines. In the last year, around 66% of organisations were hit by ransomware, and this increase in threat has created uncertainty for many businesses.
With ransomware payments ranging anywhere from $294,000 to $2.9 million, businesses urgently need to adhere to best practices and improve their cybersecurity.
Table of Contents
1. The Current State of Cybersecurity
2-2. Train your Employees
2-3. Internet Security
2-4. Create Backups
2-5. Changing Passwords
2-6. Zero Trust Model
2-7. Enable Spam Filters
The Current State of Cybersecurity
From a cybersecurity standpoint, the most commonly used techniques for data protection are firewalls and anti-virus software. However, these measures can only go so far in protecting against cyber threats, which are constantly evolving. Cybercriminals are constantly inventing new ways to attack organisations, and many of them have been successful in bypassing traditional security measures.
On average, it costs businesses up to $1.4 million to recover from an attack, and this process generally takes up to one month. Whilst larger-scale organisations are mostly able to recover from ransomware, many smaller businesses are completely unable to continue operating.
With remote and hybrid work models becoming common, creating a robust cybersecurity strategy has become more difficult. Here are a few key elements which should be part of your cybersecurity strategy.
A well-thought-out cybersecurity strategy considers how to secure all your data with recovery methods which will keep your business safe for the next five years. Since technology and ransomware are both evolving, it’s essential to adapt your strategy based on the existing threats.
As with every strategy, research is key.
Perform a thorough analysis of which types of malware, phishing and common ransomware affect your type of business the most. Scoping this will avoid an overly complex cybersecurity strategy and allow your business to focus on what is relevant.
Have a look to see if your competitors have ever been affected by a cybercrime, and if so, what was the threat? Having this knowledge on hand will create a robust and relevant cybersecurity strategy.
Performing periodic and scheduled research will assist your business in staying ahead of the curve.
Train your Employees
A cybersecurity strategy must include your team.
Educate your staff on best security practices and establish protocols that they must follow. Having these ingrained as policies in your business will prevent any threats which can occur internally, and training your team regularly has its merits.
Internet Security
Having a custom firewall is paramount to protect yourself from cybersecurity threats and ransomware. Firewalls act as a safety layer between your internal network and the internet, hence having one installed for employees who work from home is also important.
Many businesses don’t have internet security in place for employees who work remotely, and this is where data can be most vulnerable. Ensure that remote workers have a VPN and firewall in place.
Create Backups
Part of a cybersecurity strategy is recognising that it’s not 100% bulletproof, so having an aftermath plan is logical. Frequently making copies of important business data will mean your business can operate if ransomware has locked your access to that data.
These backups should ideally be automated for consistency and to prevent human error. However, if this is not possible, manually create backups at least once per week.
Changing Passwords
As obvious as this is, it’s often overlooked.
Everyone within your organisation should be changing their passwords every three to four months. All passwords should adhere to a certain level of complexity, and generic passwords such as birthdays, pet names or other easily predictable passwords must be avoided.
Zero Trust Model
Recently, the zero trust model has become widely implemented across many industries. This model follows the rule of not trusting anything, internal or external, that tries to connect to a system of your organisation.
Even if it’s an employee wanting access to a particular system or application, verify the necessity of their access. For individuals who already have access, incorporate a multifactor authentication process to guarantee it’s always the right person accessing anything within your business.
Enable Spam Filters
It only takes the click of a single link to infect your computer with a virus or malware that steals confidential information. Have a spam filter set up to minimize the emails you don’t want you and your employees to see in your inboxes.
It’s easy to click a link by accident, which is why these filters are important to mitigate unnecessary risk.
Having a strategy in place is the first step, but it can't be executed without the correct technology.
Here is a list of cybersecurity technology which your business should aim to incorporate:
- Network security monitoring software
- Encryption software & cloud encryption
- Antivirus software
- Firewall tools
- Defensive artificial intelligence
Not every technology in this list is necessary, but make sure to comprehensively research which one will benefit your business the most.
Putting it on Paper
For a cybersecurity strategy to be approved, it requires policies, guidelines, procedures and detailed explanations of the strategy behind everything. It's important to clearly outline the responsibilities of everyone and to receive input from the people involved on whether the strategy is effective.
Upon completion, all that remains is consistently providing risk assessments and making adjustments to the cybersecurity strategy accordingly. Making adroit changes to stay a step ahead should be part of your strategy, and ensuring that all changes are communicated whilst continuing training is key.