Cybersecurity for the Small Business
Last year in the United States there were 65,000 ransomware attacks- over 7 per hour- and experts say it will most likely get worse before it gets better. In a study conducted in 2020 by Cloudwards, over 51% of businesses were hit by ransomware in 2020, and the estimate for 2021 is every 11 seconds a company will get hit.
The White House warned American businesses last week they should be taking urgent security measures to protect against these attacks, as most companies are ill-equipped to afford the disruption to their business or paying the ransom outright. 2019 saw a sharp increase in the cost of a ransomware attack, up from $6,000 in 2018 to $84,000 by the end of the year. These costs neglect to factor in things like lost opportunities, reduced production, rebuilding infrastructure after an attack, and loss of reputation.
With ransomware impacting large companies and government resources, what are smaller businesses to do to help protect themselves? All is not lost and there are several ways small to medium-sized businesses can help secure their networks.
Use a VPN and review firewall rules
Your firewall is the first line of defense to your network, make sure your company is using a VPN client for remote connections and review the access rules at minimum once a year to ensure only desired traffic is allowed in.
Apply multi-factor authentication whenever possible
Multifactor (MFA) or two-factor (2FA) authentication takes passwords to the next level. Instead of just relying on a username and password (something you know), now a token (something you have) is also applied to accounts to keep them safe from phishing or brute-force attacks. MFA or 2FA should be applied everywhere possible, including your VPN and email accounts.
Keep systems up to date
Apply vendor patches as soon as they are released and have been tested to prevent recent exploits from targeting your systems. Maintain a regular patch cycle and always apply emergent releases as soon as feasibly possible.
Backup systems off-site
One tactic ransomware threat actors will deploy is deleting backups before encrypting files. Having daily backups that are stored off-site and encrypted with a password not used anywhere else on the network can help reduce that possibility. Be sure to check backups regularly to ensure you could revert to them if needed.
Get additional visibility
You can’t protect what you can’t detect. Having a security toolset like a Security Information and Event Management (SIEM) solution provides additional visibility and can aggregate information from network devices such as firewalls, switches, endpoint detection, and cloud activity in a single pane of glass that is easy to review. A basic SIEM solution doesn’t have to break the bank but can offer valuable visibility into how all the parts and pieces of the network work together and highlight if and when a breakdown occurs.
Many companies have been increasingly turning to cyber insurance to help with incidents -but many industry experts are now discouraging payments as they only fuel further nefarious behavior. One insurance company in France, among Europe’s top five insurers, has stated they will no longer reimburse their customers for extortion payments made to ransomware criminals.