The One, Major, Biggest, Absolute Thing You Must Do To Protect Your Business Against A Ransomware Attack
By now if you’re running a business – big or small – you’re well aware of ransomware. You’ve heard of the airports, transportation systems, utilities and hotels that have been attacked. You’re aware that this is a giant problem that costs businesses and governments billions of dollars a year and you know that it’s growing.
You also know that ransomware is malware. You know that when it infects a network it’ll quickly encrypt files on both devices and servers. Once locked, no one in your company can access that data. To unlock the files, you’re then given a choice: pay a ransom or continue to suffer disruption.
While being unable to access your files isn’t a great option, paying the ransom isn’t that much better. Sure, it’s generally a small amount – even as little as $100. But the payment, which is usually transacted using a digital currency like bitcoin, is sent to the hackers with the “understanding” that they’ll hold up to their end of the bargain and send you a key to unlock the encryption. That’s not always the case. In fact, one security firm says that only 19 percent of those paying ransom actually got all their files back from the hackers.
Even if you receive an unlock key – and it actually works – that doesn’t mean you’re completely off the hook either. Today’s hackers are smart enough to leave malware on the devices they’ve infected for future attacks. Others know a victim when they meet them and figure they can return to the scene of the crime in a few months with another attack. Because hey…why not?
So how best to prevent? Well, the fact is that you can’t fully protect yourself against an attack. You can certainly take some steps, such as installing anti-virus software, having a good backup system and investing in training for yourself and your employees (most ransomware attacks occur due to humans inadvertently downloading malware from attachments or fake websites). You should also have cyber insurance. All of this helps.
But there’s really just one thing that works the best and you’re not going to like it because doing it is an annoying pain. But it’s really important. You need to make sure all of your employees’ devices are running the most recent versions of their operating systems. That means Windows, MacOS, Android, Chrome, whatever.
When Microsoft tells you it’s time for a Windows upgrade, force it to happen on all of your workers. Do the same when you get similar notifications from Apple and Google. Don’t put it off and don’t ignore these requests. Why?
Because as I write this the hackers that create ransomware applications are running literally millions of bots all across the internet searching for devices – any devices – that are running out of date operating systems that haven’t been updated with protections against the most recent ransomware bots. When they find one, they can attack. Almost always, those devices are attached to a network and rest assured that these hackers are smart enough to figure out how to get into that network…just as long as there’s even a small opening, which is that older device.
Running the most recent operating system on a device can’t fully protect you. But it’s a huge deterrent. A malware writer is looking for low-hanging fruit. It’s less likely that they’ll spend time trying to infiltrate a current operating system that’s running the most recent protections against intrusions. They’ll go after the older systems that haven’t installed these defenses. You won’t be 100 percent safe. But you’ll be a lot safer. And so will your employees and your company’s data.
And just think about it: if your company gets hit with an attack and it impacts your business (not to mention any customer data that you might be storing) how do you respond when it’s found that you were running older operating systems on your network? Could an insurance company withhold compensation if that’s the case? Could an attorney looking for a lawsuit see that as an opening?
You know the answer to those questions, just as much as you know what ransomware is.