A backup strategy can keep you from being held ransom – literally.
I've written before about ransomware and about how backing up data is one way to avoid paying a ransom (read “Data Backup Can Protect You From Ransomware” and “Ransomware – Something REALLY Scary on Halloween”).
While we've been lucky in that we haven't had to say this to a client yet, we could say, “Well, we have been backing up your files to a secure data backup. So don't pay them and you still have your information after we restore your data.”
There could be some data loss depending on the timing of the attack and the most recent backup, but in most cases, lost information will be minimal.
The 15 tips from the four articles I've linked to below are best practices that will keep your data from being held for ransom.
Five Tips for Ransomware Protection
From Collabrance, this infographic is a great snapshot of tips as well as stats about ransomware. The tips are simple:
- Educate your employees – Keep reinforcing the idea that bad things happen when you click on a link or a document from an email sender you don't know
- Update systems
- Use antivirus software (and keep it up-to-date)
- Follow a sound data backup strategy
- Use multiple layers of security – firewalls, Web filtering, and more
Will Your Backups Protect You Against Ransomware?
Everyone, even individuals, has access to backup services. So why were there $209 million in ransomware payments in the first three months of this year (according to the FBI)? Backups work, but you have to do them the right way. This article from CSO highlights four common backup mistakes:
- Not backing up the most important information – even entire machines
- Not testing backup files
- Placing backups on drives that are still accessible to hackers
- Focusing only on the ransomware – some hackers use ransomware as a cover for other attacks
Five Backup and Recovery Best Practices
IT research company Gartner released guidance about protecting your company from ransomware in June this year. Here are the five steps they recommend:
- Step 1 – Form a Single Crisis Management Team. EVERYONE has to work together – in large organizations, don't allow different departments to respond on their own to ransomware.
- Step 2 – Implement End Point Backup. Laptops and even phones that contain valuable information should be part of the backup strategy.
- Step 3 – Identify Network Storage Locations and Servers Vulnerable to Ransomware Encryption. Look at where drives are mapped so you can secure all vulnerabilities.
- Step 4 – Develop Appropriate RPOs and Backup Cadences for Network Storage and Servers. Find your sweet spot between too little backup frequency and too much (which could cost more than it's worth). And have the hard discussion about how much data loss is acceptable for your business.
- Step 5 – Create Reporting Notifications for Change Volume Anomalies
Download Use These Five Backup and Recovery Best Practices to Protect Against Ransomware here. The download is free, though you are required to complete a form.
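One way to act on Steps 4 and 5, as an added example (not from Gartner's report or the linked articles): the script checks a backup job history against an RPO and flags jobs whose changed-data volume is far outside the recent norm, since mass file encryption makes nearly every file look changed to an incremental backup. The job records, the 24-hour RPO, the five-job window and the threshold of 5 are constructed assumptions to tune for your own environment.

```python
from datetime import datetime, timedelta
from statistics import median

# Constructed sample: (job finish time, bytes changed since the previous backup)
# for one network share. The 5 November job is missing; the last job spikes.
SAMPLE_JOBS = [
    ("2016-11-01T01:00", 1_200_000_000),
    ("2016-11-02T01:00", 1_100_000_000),
    ("2016-11-03T01:00", 1_350_000_000),
    ("2016-11-04T01:00", 1_250_000_000),
    ("2016-11-06T01:00", 2_300_000_000),
    ("2016-11-07T01:00", 1_150_000_000),
    ("2016-11-08T01:00", 1_300_000_000),
    ("2016-11-09T01:00", 1_200_000_000),
    ("2016-11-10T01:00", 41_000_000_000),
]

def _parse(jobs):
    return [(datetime.fromisoformat(t), size) for t, size in jobs]

def rpo_violations(jobs, rpo):
    """Step 4: return (previous, current) job times whose gap exceeds the RPO."""
    times = [t for t, _ in _parse(jobs)]
    return [(a, b) for a, b in zip(times, times[1:]) if b - a > rpo]

def change_volume_anomalies(jobs, window=5, threshold=5.0):
    """Step 5: flag jobs whose changed bytes sit far from the trailing median.

    Uses median absolute deviation (MAD) so one earlier outlier, such as a
    catch-up job after a missed night, does not distort the baseline.
    Flags spikes and sharp drops; a drop can mean the backup agent stopped.
    """
    parsed = _parse(jobs)
    flagged = []
    for i in range(window, len(parsed)):
        history = [size for _, size in parsed[i - window:i]]
        med = median(history)
        mad = median(abs(size - med) for size in history) or 1
        # 1.4826 scales MAD to a standard deviation for normally distributed data.
        score = (parsed[i][1] - med) / (1.4826 * mad)
        if abs(score) >= threshold:
            flagged.append((parsed[i][0], parsed[i][1], round(score, 1)))
    return flagged

if __name__ == "__main__":
    for prev, cur in rpo_violations(SAMPLE_JOBS, timedelta(hours=24)):
        print(f"RPO exceeded: no backup between {prev} and {cur}")
    for when, size, score in change_volume_anomalies(SAMPLE_JOBS):
        print(f"Change-volume anomaly at {when}: {size} bytes (score {score})")
```

A flagged job is a reason to investigate before older restore points age out, not proof of an attack; large migrations and bulk imports produce the same spike.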
11 Things You Can Do to Protect Against Ransomware
This list is from 2013, but is still useful. Here's one of the 11 tips: if you think you've clicked on a suspect file, disconnect from WiFi or unplug from your network immediately. If you're fast enough, you might be able to prevent the ransomware from communicating back to its server before it finishes encrypting your files. It's not a perfect prevention tip, but could minimize the damage.
Ransomware is a real risk, but like any risk it can be managed with smart application of information technology – especially backup.