Technology & Security

Protect your business from the growing menace of ransomware attacks: 7 steps to take right now

  • July 19, 2021

Author

Escalon


Ransomware is a type of malicious software that infects computers and blocks users’ access until a sum of money is paid. Over the past few years, ransomware attacks have become the fastest-growing branch of cybercrime. According to a Cybersecurity Ventures report, every 11 seconds a business falls victim to such an attack, and global ransomware damage costs will reach $20 billion by year’s end.

The recent widely publicized attacks by the Russian hacker collective REvil were possible because of a vulnerability in Kaseya’s IT management service software. REvil’s hackers used that vulnerability to infiltrate the systems of more than 1,500 companies worldwide, affecting a whole range of businesses such as dental practices, railways, supermarket chains and IT service providers.

A total of $70 billion was demanded as ransom. The attacks demonstrated that it is not just large companies that are in jeopardy, but also small- and medium-sized ones. Criminals don’t discriminate.

Unfortunately, many businesses and business owners still do not know how exactly they are at risk, what’s at stake and more importantly, what measures they can take to ensure the protection of their data and IT infrastructure.

Here are seven steps smart businesses can start taking today to prevent a ransomware attack.

Install a firewall

A firewall is the first line of defense against all types of cyber criminality. It’s a security device that serves as a barrier between your secure, internal trusted network and outside networks such as the internet. The firewall filters incoming and outgoing traffic and helps keep your devices and data safe by stopping hackers, viruses and malicious software from gaining unauthorized access to your network.

There are different types of firewalls: hardware-based, software-based and cloud-based. Each offers different functionality and varying levels of security, so make sure to choose one that suits your protection needs.

Backups

Backups can mitigate the risks of a ransomware attack. Perform backups well and often.

Although attacks can’t be prevented by backups, keeping extra copies of important data is one of the pillars of a responsible cybersecurity strategy. When the main copy is compromised, there’s always the backup copy to fall back on.

Cybersecurity experts recommend following these best practices for backups:

  • Keep backups offline

It’s important to store offline copies of your backups. Criminals can’t access them, and the data can’t be compromised.

  • Use immutable backups

An immutable backup means that the copy is read-only and can’t be changed (or deleted) by anyone, not even administrators.

  • Back up frequently

It’s recommended to make backups frequently. To determine the right frequency for your company, think of it this way: If you back up daily, only the data of one workday will be lost.

Install updates and patches



Hackers take advantage of known vulnerabilities, security holes or bugs in operating systems or other software. That means it’s a good practice to install every update and patch right away. Not only does this provide a relatively straightforward way to improve the safety of your system, but it also lets you benefit from the latest features and functionalities.

Ensure that all software your company uses gets updated. This includes operating systems, firewalls, antivirus software, other third-party software and software that’s still on the system but no longer used. And make it a point to protect all endpoints in your network: desktops, phones, laptops and any other smart devices that connect to the network are also vulnerable.

Limit permissions



Security experts recommend that people only have the level of permissions needed to do their work. This is called the principle of least privilege, and it is a widely accepted cybersecurity best practice.

Following this principle reduces the risk of hackers gaining access to your data or systems by compromising accounts and stops malware from spreading. Don’t make the mistake of thinking that only the accounts of CEOs are interesting targets. Low-level user accounts are a common entry point for hackers.

Test regularly



Make it a habit to regularly test your security. Vulnerability assessments or audits are great tools to expose vulnerabilities and identify potential weak links in your IT infrastructure. Don’t forget to include the backups in the testing routine.

In addition to periodic testing, test whenever new software is installed or other changes are made.

Enforce a strong password policy



Weak passwords are among the easiest ways for hackers to enter a system.

Since the average business user needs an estimated 200 passwords every month, most people use the same password for multiple purposes and choose very simple passwords such as 12345 or abcde. A strong password has a minimum of 8 characters; combines capitals, small letters and special characters; avoids repeating characters or characters that are next to each other on the keyboard; and does not comprise words from a dictionary. Always change default passwords since they can be found easily on the internet.
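The rules above can be turned into an automated check that runs when a user sets a new password. The following is an added example, not code from Escalon; the tiny word list, the "three identical characters in a row" threshold, the four-character keyboard run and the extra alphabet-run check are assumptions chosen for illustration.

```python
import re

# Constructed sample word list (assumption); a real deployment would load a
# full dictionary plus lists of vendor-default and breached passwords.
DICTIONARY = {"password", "welcome", "summer", "admin", "dragon"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
ALPHABET = "abcdefghijklmnopqrstuvwxyz"

def _has_run(lowered, sequences, length=4):
    """True if `lowered` contains `length` consecutive characters of any
    sequence, read forwards or backwards (e.g. 'qwer' or 'rewq')."""
    for seq in sequences:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - length + 1):
                if s[i:i + length] in lowered:
                    return True
    return False

def check_password(pw, min_length=8):
    """Return the list of policy rules that `pw` violates (empty = passes)."""
    problems = []
    lowered = pw.lower()
    if len(pw) < min_length:
        problems.append("too_short")
    if not re.search(r"[A-Z]", pw):
        problems.append("no_capital")
    if not re.search(r"[a-z]", pw):
        problems.append("no_small_letter")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no_special_character")
    # Assumption: "repeating characters" means three identical in a row.
    if re.search(r"(.)\1\1", pw):
        problems.append("repeated_characters")
    # Keyboard neighbours, plus alphabet runs such as "abcde" (an extension).
    if _has_run(lowered, KEYBOARD_ROWS + [ALPHABET]):
        problems.append("keyboard_or_alphabet_sequence")
    # Undo common substitutions (0->o, @->a, ...) before the dictionary lookup,
    # so "P@ssw0rd!" is still recognised as "password".
    normalized = lowered.translate(str.maketrans("013457@$!", "oleastasi"))
    if any(word in normalized for word in DICTIONARY):
        problems.append("dictionary_word")
    return problems
```

A password such as `P@ssw0rd!` meets the length and character-mix rules but is still rejected for containing a dictionary word, which is why the composition rules alone are not sufficient.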

Although your password might seem difficult enough to you, it’s probably not. Hackers use automated tools that try thousands of combinations until one works. Other ways passwords are at risk are through phishing or social engineering.

Software solutions exist to help with password management. These applications store passwords for users in a fully encrypted vault, which brings two benefits: It makes the life of your staff easier and helps prevent cybersecurity threats.

Raise awareness among your employees



The weakest link in any organization is its employees. Discuss the risks with everyone in your business, and make sure everyone is on the same page as far as security is concerned. Agree on clear rules, for example surrounding the use of passwords.

Regular cybersecurity training can raise awareness and instill a sense of urgency. Through training, your staff learns to adjust their behavior around security and to integrate safety practices in their daily routine by learning things like:

  • How to recognize phishing attempts.
  • The danger of malicious software and websites.
  • The importance of strong passwords.
  • How to keep their credentials safe.
  • How to keep their computers up to date.
  • Only opening attachments from trusted sources.
