Technology & Security

Protect your business from the growing menace of ransomware attacks: 7 steps to take right now

  • July 19, 2021

Author

Escalon

Ransomware is a type of malicious software that infects computers and blocks users’ access until a sum of money is paid. Over the past few years, ransomware attacks have become the fastest-growing branch of cybercrime. According to a Cybersecurity Ventures report, every 11 seconds a business falls victim to such an attack, and global ransomware damage costs will reach $20 billion by year’s end.

The recent widely publicized attacks by the Russian hacker collective REvil were possible because of a vulnerability in Kaseya’s IT management service software. REvil’s hackers used that vulnerability to infiltrate the systems of more than 1,500 companies worldwide, affecting a whole range of businesses such as dental practices, railways, supermarket chains and IT service providers.

A total of $70 billion was demanded as ransom. The attacks demonstrated that it is not just large companies that are in jeopardy, but also small- and medium-sized ones. Criminals don’t discriminate.

Unfortunately, many businesses and business owners still do not know how exactly they are at risk, what’s at stake and more importantly, what measures they can take to ensure the protection of their data and IT infrastructure.

Here are seven steps smart businesses can start taking today to prevent a ransomware attack.

Install a firewall

A firewall is the first line of defense against all types of cyber criminality. It’s a security device that serves as a barrier between your secure, internal trusted network and outside networks such as the internet. The firewall filters incoming and outgoing traffic and helps keep your devices and data safe by stopping hackers, viruses and malicious software from gaining unauthorized access to your network.

There are different types of firewalls: hardware-based, software-based and cloud-based. Each offers different functionality and varying levels of security, so make sure to choose one that suits your protection needs.

Backups

Backups can mitigate the risks of a ransomware attack. Perform backups well and often.

Although attacks can’t be prevented by backups, keeping extra copies of important data is one of the pillars of a responsible cybersecurity strategy. When the main copy is compromised, there’s always the backup copy to fall back on.

Cybersecurity experts recommend following these best practices for backups:

  • Keep backups offline

It’s important to store offline copies of your backups. Criminals can’t access them, and the data can’t be compromised.

  • Use immutable backups

An immutable backup means that the copy is read-only and can’t be changed (or deleted) by anyone, not even administrators.

  • Back up frequently

It’s recommended to make backups frequently. To determine the right frequency for your company, think of it this way: if you back up daily, only the data of one workday will be lost.

Install updates and patches



Hackers take advantage of known vulnerabilities, security holes or bugs in operating systems or other software. That means it’s a good practice to install every update and patch right away. Not only does this provide a relatively straightforward way to improve the safety of your system, but it also lets you profit from the latest features and functionalities. 

Ensure that all software your company uses gets updated. This includes operating systems, firewalls, antivirus software, other third-party software and software that’s still on the system but no longer used. And make it a point to protect all endpoints in your network: desktops, phones, laptops and any other smart devices that connect to the network are also vulnerable.

Limit permissions



Security experts recommend that people only have the level of permissions needed to do their work. This is called the principle of least privilege, and it is a widely accepted cybersecurity best practice.

Following this principle reduces the risk of hackers gaining access to your data or systems by compromising accounts and stops malware from spreading. Don’t make the mistake of thinking that only the accounts of CEOs are interesting targets. Low-level user accounts are a common entry point for hackers.

Test regularly



Make it a habit to regularly test your security. Vulnerability assessments or audits are great tools to expose vulnerabilities and identify potential weak links in your IT infrastructure. Don’t forget to include the backups in the testing routine.

In addition to periodic testing, test whenever new software is installed or other changes are made.

Enforce a strong password policy



Weak passwords are among the easiest ways for hackers to enter a system.

Since the average business user needs an estimated 200 passwords every month, most people use the same password for multiple purposes and choose very simple passwords such as 12345 or abcde. A strong password has a minimum of 8 characters; combines capitals, small letters and special characters; avoids repeating characters or characters that are next to each other on the keyboard; and does not contain words from a dictionary. Always change default passwords since they can be found easily on the internet.

Although your password might seem difficult enough to you, it’s probably not. Hackers use automated tools that try thousands of combinations until one works. Other ways passwords are at risk are through phishing or social engineering.

Software solutions exist to help with password management. These applications store passwords for users in a fully encrypted vault, which brings two benefits: it makes life easier for your staff and helps prevent cybersecurity threats.

Raise awareness among your employees



The weakest link in any organization is its employees. Discuss the risks with everyone in your business, and make sure everyone is on the same page as far as security is concerned. Agree on clear rules, for example surrounding the use of passwords.

Regular cybersecurity training can raise awareness and instill a sense of urgency. Through training, your staff learns to adjust their behavior around security and to integrate safety practices in their daily routine by learning things like:

  • How to recognize phishing attempts.
  • The danger of malicious software and websites.
  • The importance of strong passwords.
  • How to keep their credentials safe.
  • How to keep their computers up to date.
  • Only opening attachments from trusted sources.
