If you aren't already familiar with ransomware, consider yourself lucky – your organization hasn't been targeted by hackers' preferred method of extortion. Chances are you've at least heard of the cybercrime that holds a computer or network hostage until the user meets certain demands, typically monetary. Ransomware events are increasing, according to a report from security firm Malwarebytes. The company surveyed 500 companies in four countries and discovered one-third lost money as the result of ransomware. From August 2015 to August 2016, 40 percent of those surveyed reported a ransomware attack.
How does ransomware work?
Hackers will attempt to gain access to a company's sensitive data, like client records, payment information or identities. Then they'll lock out the user and agree to return the data and restore access only once the target transfers some specific amount of money – which can range from a few hundred dollars to tens of thousands. But even when companies pay, there's no guarantee the hackers will return the information. That's why the FBI recommends against paying the ransom under any circumstances and instructs ransomware victims to instead contact authorities immediately.
With that said, it is understandable why some organizations opt to pay the ransom, especially if it's only several hundred dollars. Like all security measures, an ounce of prevention is worth a pound of cure.
Make your network ransom-proof
As the internet consumes more and more of our daily lives – and as users increasingly mix work devices with personal ones – hackers gain more entry points. Take the 2014 breach at department store Target: Hackers infiltrated the company through its HVAC vendor, using the relatively small, unassuming company as a vector for attack that cost Target $39 million, according to CNBC. That wasn't a case of employee negligence, but it does illustrate just how many ways hackers have to get their hands on sensitive information.
But cyber thieves now target small businesses more and more, taking advantage of their often under-developed security. That's why all companies, large and small, should take the time to shore up their defenses. Consider a few ways to get started:
- Invest in antivirus software.
- Educate employees on best practices regarding internet use, suspicious emails and securing home networks.
- Establish a protocol to be followed in the event of a cyberattack.
- Meet with vendors to determine whether or not they have adequate cybersecurity.
- Back up everything in a safe, offsite location.
Update your insurance coverage
Even when your organization has revamped its security network, no cyber prevention plan is complete without insurance. It should come as no surprise that insurers have developed coverage to help recover assets and revenue lost through ransomware given how prevalent that threat has become. The best insurance providers in this field do more than just provide a backup – they can also provide forensic support to help organizations determine what happened and how the ransomware got through.
One thing to look for in an insurance product is full prior acts coverage. This can respond to a breach that occurred prior to purchase of the insurance policy. Typical insurance policies are effective as of the date purchased – but since ransomware and other cyberthreats can lurk in a company's system undetected for weeks, full prior acts coverage is the prudent choice.
Additionally, good cyber coverage includes legal support and crisis management. The former is especially helpful if your clients' information is compromised, while the latter is beneficial if a data breach becomes public.
Ransomware and cyberthreats in general are more than just a problem for huge organizations with millions of clients – they can affect any kind of entity, including individuals and small offices. But keep in mind, hackers implementing ransomware typically want your money, not your data – giving in to their demands right away will only empower them. Instead, build up your cybersecurity the same way you would protect your building and your employees – with preventative measures, emergency backup resources and a reliable insurance provider.
Share this Post