Business Daily Media

The Times Real Estate

.

Five essential ransomware and recovery tips every business should know

  • Written by Paul Lancaster, Director. Sales Engineering, ANZ, Commvault

Ransomware has increased by 15% over the past year, driven in no small part to a rise in email phishing attacks, according to the latest ACSC Annual Threat Report. While large scale enterprises have the resources and strategies to recover quickly, for smaller businesses, operations can easily become crippled for extended periods.

So how can small companies be on the front foot when it comes to ransomware resilience? To help build your cyber resilience and protect your business against ransomware, here are five tips.

  1. Employees are your greatest asset

Your staff are your businesses' cyber security guards and a solid line of defence. If employees aren't across the latest threat and email scam news, how do they know what to look out for?

When looking to infiltrate a system, most attackers will try to access employee credentials in some way. Educating employees on avoiding ransomware and detecting other scams reduces the likelihood that criminals can access a business's systems. Some simple tips to keep security front of mind for staff include:

  1. Require regular password updates

  2. Ensure all passwords are strong

  3. Regularly train staff on how to spot ransomware attacks and other scams

  4. Keep staff up to date on the latest security threats that are targeting the businesses industry

  1. Always plan for ransomware protection and recovery

A data breach is a 'when' not 'if' scenario, meaning the best way a business can remain resilient to ransomware threats is to map out defence and recovery strategies in the event of a breach.

When creating a recovery strategy, one plan won't fit all, a business needs several to respond to a growing array of risks and the changing nature of today’s threats. Four primary considerations businesses should factor into their planning include:

  1. Define the parameters of the recovery plan, for example: identify and prioritize critical applications so you can focus first on the systems and data that you’ll need to recover first.

  2. What is the internal escalation process? During an attack, what situations will get escalated to more senior staff to coordinate?

  3. What are the legal and customer impacts of the threat?

  4. Map out team responsibilities and who will be owning what tasks

The plan should also include action items, contact lists, timelines, and if possible, pre-approved crisis communications. Once you have your plan in place, along with the procedures and technologies to execute it, make sure it will work as needed by performing frequent tests.

  1. Implement multi-factor authentication

Multi-factor authentication (MFA) verifies users by requiring two pieces of evidence to prove their identity, such as a password and code sent via text. It acts as a great security measure and when formed as part of a multi-layered security strategy, can be one of your strongest lines of defence.

MFAs make it difficult for criminals to access employee accounts even with the correct credentials. That means if an attacker can circumvent a business's MFA procedure, there is likely a more severe security flaw that needs to be addressed.

  1. Segment your networks

After an attacker has infiltrated a network, they will look to broaden their foothold to access more valuable data and systems. This is known as 'lateral movement, where an attacker will progressively move through a network (typically using compromised credentials) while searching for critical data and assets.

Network segmentation involves splitting up a network to limit how freely users can move within. A rule of thumb when looking at network segmentation is—if a system does not need to communicate with another system, it should be separated.

  1. Re-think business backups

These days, cybercriminals are developing and deploying more sophisticated technologies than ever. However, not all companies have the resources for massive backup solutions. A simple 3-2-1 approach to data backup can be an effective 'recovery ready' strategy for small businesses.

  1. Make three copies of your data: It can take months to fully recover from an attack, having copies of essential data ensures regular business activity can resume as soon as possible.

  2. Backup on two media types: These days, cybercriminals have begun targeting data backups as well. Ensuring sensitive data is backed up to more than one location improves a business's recovery window and reduces the risk of backups being compromised.

  3. Secure one backup off-site: Criminals will immediately look to extend their reach further into a network during an attack. Securing a backup off-site that is not directly linked to a business's network helps protect backup data from being compromised.

Being recovery ready doesn't have to be complicated. With the proper preparation, even small businesses with limited resources can develop the resilience needed to thrive in today’s evolving threat landscape.

Five signs that AI is growing faster than the internet did

What do Aussie businesses need to do to keep up? There has been mounting chatter that AI is growing even faster than the rapid acceleration we sa...

Protecting Your Small Business from Cyber Threats This Holiday Season

The holiday season brings a surge of online activity for small and medium businesses (SMBs), with increased sales and customer inquiries offering ...

Essential SEO Strategies: Boosting Your Real Estate Business

In recent years, it is said that more and more people are searching for properties online than those who visit real estate companies in person. For ...

Every Business Needs to Apply a Concrete Strategy

Do you want your website to rank higher in the top results of the Google search engine? Then hire the excellent SEO Services in Australia for your n...

Navigating Cyber Fraud After a Natural Disaster

As Australia enters another long, hot and potentially destructive summer, businesses and residents are preparing for the natural disasters synonym...

8seats messaging startup aims to transform business communication

The new platform brings an innovative approach to unite office-based and desk-less teams 8seats, a next-generation messaging platform for busine...

Sell by LayBy