Business owners can learn about the economic and infrastructure risks of ransomware attacks simply by scanning the headlines. Earlier this month, 800 to 1,500 companies were hit by a ransomware attack centered on US information technology company Kaseya, most of them small concerns such as accountants and dentists.
Protecting an organization from ransomware begins with creating a cybersecurity framework, Pargman observes. To that end, the National Institute of Standards and Technology (NIST) provides companies with a quick start guide with tips and tactics to improve risk management. The framework consists of five main functions: Identify, Protect, Detect, Respond, and Recover.
In practice, enterprises need to categorize critical business processes and applications and continuously back up their assets to the cloud or physical disks. Saving data is not enough. Enterprises should also test their backups against worst-case scenarios.
“Keep multiple copies of your backup,” says Pargman. “At least one must be offline and inaccessible from the network.”
John Nicholas, a professor of computer information systems at the University of Akron, said small businesses lacking a solid IT budget and full-time technicians should hire consulting companies to handle online security remotely.
There are also best practices that businesses can adopt to protect themselves, such as training staff to be aware of phishing emails that may download viruses to the network.
“If you don’t know where the email came from and you have attachments, don’t open them. You’ll also need to use complex passwords. NIST recommends a 20-character passphrase, including symbols and letters.”
Regularly updating both operating systems and applications installed throughout your network is another way to prevent attacks. Busy executives can enable automatic updates and use software tools to scan for device vulnerabilities. Meanwhile, consulting firms monitor company logs 24/7 to detect system or account anomalies.
When a cybersecurity event is detected, the enterprise needs to be prepared to act promptly. Cyber hacking is a criminal offense and business owners are likely not ready to deal with it on their own, so Nicholas suggests contacting the FBI immediately.
Former FBI computer scientist Pargman said going it alone plays directly into the hands of hackers.
“The attacker controls the story and tries to push the owner into the (attacker’s) timeline,” says Pargman. “The idea is to convince the owner to do things in the best interests of the criminal.”
Paying the ransom does not guarantee that your company’s data will be restored. Moreover, meeting a hacker’s demand does not mean that the criminal in question will simply disappear into the night.
“When I get a consultation, I say I don’t pay the ransom,” Nicholas said. “By doing so, you contribute to the problem, create more dangerous variants of ransomware, and fund those who come back after you anyway.”
Cyber liability insurance is an option, with policies that cover the cost of business interruption and the ransom itself. However, Nicholas does not consider insurance a sustainable model. It only increases the severity and cost of the attack. Ultimately, it’s up to SMEs to recognize ransomware as a real threat to their operations.
“It’s a cyber war at the moment. We need support for ownership and ongoing dialogue,” Nicholas said. “Similar to a paradigm shift in business attitudes, we need to discuss and change culture in the company.”
SMEs are not a small target for cyber attacks