With the global damages from ransomware projected to reach $20 billion in 2021, we will continue to see reports of attacks on high-profile companies and organizations making the news.
For example, Carnival Corporation, the parent company of Carnival Cruise Line, Holland America Line, and Seabourn, recently disclosed that an August ransomware attack accessed personal data for guests and employees. Although most cruise lines are still docked because of COVID-19, a successful ransomware attack like this one could damage customer trust in the Carnival brands and send cruisers to a competitor once ships are afloat again.
In addition to the global damages figure above, Cybersecurity Ventures also predicts that there will be a ransomware attack on businesses every 11 seconds by 2021. With that in mind, now is an excellent time to shore up your ransomware protection as we move closer to the new year.
Here are seven solid tips for defending your organization against ransomware attacks and data loss in 2021.
1. Review and Refine Your Backups
Your backup is your business’s lifeline when ransomware hits, so make sure you are doing it right. Don’t wait until half of your data is encrypted to find out the last complete backup was six months ago.
Run a complete review of your backup files and backup process to ensure you are protecting all the critical stuff, that there is a recent backup stored off-site and separate from the network, and that the restore process is tested and working properly.
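One way to automate the review described above, as an added example that is not part of the original article: it flags a backup that is too old, critical files the backup never covered, and files that fail a test restore. The manifest layout, function names, file names and the 7-day limit are assumptions made for illustration; confirming that the copy is off-site and off-network is outside what the script checks.

```python
import hashlib
import io
import tarfile
import time
import zlib

def make_backup(files, created=None):
    """Build a tar.gz backup in memory plus a manifest of SHA-256 hashes."""
    buf = io.BytesIO()
    manifest = {"created": time.time() if created is None else created, "sha256": {}}
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
            manifest["sha256"][name] = hashlib.sha256(data).hexdigest()
    return buf.getvalue(), manifest

def audit_backup(archive_bytes, manifest, critical, max_age_days=7, now=None):
    """Return findings for one backup; an empty list means every check passed."""
    findings = []
    now = time.time() if now is None else now
    # 1. Recency: is the last complete backup newer than the agreed limit?
    age_days = (now - manifest["created"]) / 86400
    if age_days > max_age_days:
        findings.append(f"stale: {age_days:.0f} days old (limit {max_age_days})")
    # 2. Coverage: is every critical file part of the backup at all?
    for name in critical:
        if name not in manifest["sha256"]:
            findings.append(f"uncovered: {name}")
    # 3. Restore test: read each file back out and compare it with the
    #    hash recorded when the backup was taken.
    try:
        with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
            for name, expected in manifest["sha256"].items():
                try:
                    member = tar.extractfile(name)
                except KeyError:
                    member = None
                if member is None:
                    findings.append(f"unrestorable: {name}")
                elif hashlib.sha256(member.read()).hexdigest() != expected:
                    findings.append(f"corrupt: {name}")
    except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
        findings.append(f"unreadable archive: {exc.__class__.__name__}")
    return findings
```

Keep the manifest somewhere the backup job's credentials cannot overwrite, so a tampered archive cannot be paired with a matching set of hashes.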
2. Conduct a Risk Analysis
You might think you have all of your weak spots covered, but what happens if you’re mistaken? Investing in a third-party cybersecurity risk analysis and security audit is an effective way to find out whether your systems are as secure as you think they are.
The audit team will use penetration testing to check the security of your systems and your ability to fend off ransomware and other cyberattacks, so you know where you need to apply some extra attention.
3. Train Employees on Cybersecurity and Hygiene
Educating employees about ransomware prevention is a critical step in protecting your data. Make sure everyone knows what NOT to do, such as clicking suspicious links and opening email attachments from unknown sources.
Have a rapid response plan in place so everyone knows what to do if their computer or device gets infected with malware, including disconnecting from the network, isolating infected devices, changing passwords, and notifying the network admin.
4. Patch Known Vulnerabilities
Software patching is a huge part of ransomware protection, and yet many organizations don’t stay on top of it. Everyone knows it needs to be done, but patching is a time-consuming, manual process. With IT teams already stretched thin, it’s easy for patching to get shoved to the back burner.
At the bare minimum, assign someone to regularly patch known weak spots and closely monitor vulnerabilities that can’t be patched immediately. It’s also a good idea to conduct regular checks for unknown vulnerabilities so they are on your radar.
5. Be Proactive
Don’t sit around waiting to be a victim of ransomware. Take proactive steps to keep the bad guys out. A few ways to strengthen your defenses include:
- Enforcing application whitelisting so only approved applications are allowed to run on the company network
- Following security experts like Cybersecurity Ventures online
- Subscribing to Twitter feeds, blogs, and industry podcasts to stay on top of new and evolving ransomware strains and tactics and learn about emerging cybersecurity technologies
- Scheduling regular access reviews to ensure privileged access to your network and resources is tightly controlled and monitored
6. Create a Disaster Response and Recovery Plan
Having a comprehensive disaster response and recovery plan already in place will protect your company’s data, revenue, and reputation in the event of a successful ransomware attack.
There are a lot of resources available that can walk you through creating a disaster recovery plan, but the high-level, critical components should include:
- A well-trained disaster response and recovery team
- A strategy for business continuity
- Cyber insurance
- An inventory of hardware and software
- Clear instructions on restoring from backup
- Alternative workspaces and communication tools
7. Invest in an Integrated Data and Ransomware Protection Solution
The impact of a successful ransomware attack can be far reaching and drawn out. Without appropriate ransomware protection, your systems could be down much longer than your SLAs, bottom line, and customers will tolerate.
Today’s advanced ransomware protection solutions are equipped to block, mitigate, and alleviate cyberthreats with technology that combines cybersecurity with data protection across all of today’s complex IT environments.
No one is sad to see the end of 2020, and we are all hoping for smoother sailing in 2021. But with ransomware attacks expected to increase as we move into the new year, enterprises can’t afford to let down their guard. Act now to build a security and data loss prevention strategy to protect your organization against ransomware.