You know your business better than anyone else. How much money will you lose due to system downtime? What is your cost to recovery? How much is your data worth? I think the answer here is simple; pay the ransom if it is going to seriously affect your business.
But I do not care to talk about paying ransoms or not. When I talk about whether you should pay or not pay, I am talking about progressive, preventative, forward thinking investments (time, resources, and money). I am talking about making sure your organization does not get hit with ransomware and in the case that you do, there is a minimal effect on your business. I am talking about eliminating the fire drill meeting on whether to pay or not pay that $15,000 ransom.
So how do you prevent a ransomware attack?
First, you can start by watching this 8 series video course on Ransomware. Making sure you understand Ransomware is critical to protecting your organization and providing knowledge transfer to your staff.
Second, you need to ensure that you completely understand your current security posture, your staff, and your technology. We recommend getting a comprehensive Security Assessment of your IT. You can perform one of these in-house if you have all the tools and resources or you can outsource to a trusted company that will deliver a fully custom unbiased assessment.
Third, do your research. This blog is a good first step but proactively talking to peers, experts in the industry, those who have experienced Ransomware, and researching articles will give you a better understanding on how to prevent an attack. Here is a good article that talks about how ransomware should change the way you think about security.
Fourth, educate your employees. At the end of the day, Ransomware often boils down to one thing, the end-user. At some point someone let them in knowingly or unknowingly, typically the latter. Educating your employees about cyber security could be the most valuable preventative step in protecting your organization from a ransomware attack. This article talks about employee cyber security education.
Finally, have a plan. Redundancy is your friend. Making sure you have secure back-ups of your critical data that are not physically or remotely connected to your devices. Cloud back-ups can be secure and very useful. Here is a nice article on 4 ways to protect against ransomware.
There are also many next generation solutions out there utilizing AI (artificial intelligence), machine learning, and user-behavior analytics that are helping many organizations protect their data and prevent ransomware attacks.
Check out this article on Varonis continues to update and develop their offering for better protection.
For more info. contact us at firstname.lastname@example.org or call 858-866-9702