Protecting Your Company from Ransomware

Ransomware has become so lucrative that an industry has developed around it, with commission-based ransomware-as-a-service programs that allow the malware to be deployed by anyone who can key a ransom and payment deadline into the software.

The harm associated with ransomware is preventable with preemptive cybersecurity. The simplest method is to perform regular backups stored in locations segregated from the network. A good practice is to back up files in three places: the file server, a local disk backup, and the cloud. The backup files should be encrypted so that only you can access them.

Downtime caused by malware may be more painful than the ransom. According to a 2016 survey by Researchscape International, organizations affected by ransomware attacks experienced an average of three days without data access.

Downtime can be reduced or even eliminated by a continuity plan. Having a plan is also crucial because attackers give victims a time limit for the ransom, a factor that can impair rational decision-making.

Organizations should teach employees best practices when opening email attachments and interacting with web pages. Education can be augmented with technical safeguards, such as application white-listing (allowing systems to execute programs permitted by security policy) and using virtualized environments to execute programs.

The invasive and pervasive nature of ransomware has served as a wake-up call: No organization can ignore information security in today’s global electronic marketplace.