In 2020, 19% of cyber attacks were ransomware and led to more than 346 million euros in loss, according to a recent report. A new study carried out among IT decision-makers reveals that more than half (51%) of them see the fight against ransomware as a major concern, posing a considerable financial risk to their business in the event of an attack.
Ensuring that your company never has to pay a ransom to recover its data is, therefore, a priority challenge for executives of businesses of all types and sizes.
Investing in a strategy for ransomware prevention and removal is not just a pragmatic step; it is essential. Even if insurance could cover a possible incident, what would happen to the reputation of the company, and what would customers and prospects think? Before you find yourself a victim of such an incident, take steps to maximize your resilience.
Here are some examples of tips executives should consider if they want to ensure their business has comprehensive ransomware protection.
1- Perform an audit of the security and anti-ransomware strategies
Several dozen service providers are able to audit your business; their skills can range from penetration testing to vulnerability assessments and more. Working with an outside expert will help identify vulnerabilities that the team is sometimes not aware of. It is indeed possible that you are more exposed than you think.
2- Consider cybersecurity insurance
Major insurance companies now offer affordable cybersecurity packages. These cover the company in the event of data loss or ransomware, for example. In some cases, these policies even provide for the payment of a ransom if your data is made inaccessible, even though paying would be the worst-case scenario. Insurance can then be the last resort that it is prudent to have if all attempts at resolution fail.
3- Develop a solid data protection strategy
Once you have had your business audited by a third-party provider, as recommended previously, you should have a detailed list of security issues to address. Remediation can be as simple as upgrading the firewall, anti-spam and anti-virus software and deploying a current, well-designed backup system. Alternatively, it could involve a complex process with a complete overhaul of the network infrastructure, the purchase of new hardware, and more. For those who are unsure of the best way to proceed, it is advisable to hire a managed service provider who can take care of everything. Such organizations can also provide you with ongoing support and maintenance for your critical systems.
4- Train users
Even the most resilient software and hardware will be of no use if an employee is careless. Part of your strategy should therefore include helping your users identify and avoid ransomware. For example, many companies run mandatory quarterly security seminars where executives help their employees understand the different types of cyberattacks. This program should cover all aspects of the fight against ransomware, phishing, and the growing threats posed by social engineering scams.
5- Establish a backup and disaster recovery plan
Most businesses have backup systems, but few have a disaster recovery plan. It is important to ensure that the team has clearly defined its restoration objectives. This means setting RTOs (recovery time objectives), which define how quickly systems must be brought back online in the event of a malfunction, and RPOs (recovery point objectives), which define the acceptable amount of data that may be lost in the event of a hardware failure, ransom demand, or other incident. These metrics help develop a strategy to minimize downtime and data loss.
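As an added illustration (not part of the original article), the following Python snippet checks a backup schedule against RPO and RTO targets for a ransomware scenario. The backup log, the estimated start of the compromise and the restore time are constructed sample values; the check deliberately ignores backups completed after the compromise started, because those may already contain encrypted files.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed sample data: completion times of successful backups (UTC),
# taken roughly every six hours.
BACKUP_LOG = [
    "2024-03-10 00:05", "2024-03-10 06:04", "2024-03-10 12:07",
    "2024-03-10 18:02", "2024-03-11 00:06", "2024-03-11 06:03",
]

def parse_ts(s):
    return datetime.strptime(s, FMT)

def last_trusted_backup(backups, compromise_start):
    """Most recent backup completed strictly before the estimated start of the
    compromise. Anything taken after that point may hold encrypted or tampered
    files, so it is not a valid restore candidate."""
    start = parse_ts(compromise_start)
    trusted = [parse_ts(b) for b in backups if parse_ts(b) < start]
    return max(trusted) if trusted else None

def evaluate_plan(backups, compromise_start, restored_at,
                  rpo_target_hours, rto_target_hours):
    """Compare the achieved RPO (data-loss window) and RTO (outage duration,
    measured here from the start of the compromise) with the plan's targets."""
    last = last_trusted_backup(backups, compromise_start)
    if last is None:
        return {"restorable": False}
    start, end = parse_ts(compromise_start), parse_ts(restored_at)
    rpo_hours = round((start - last).total_seconds() / 3600, 2)
    rto_hours = round((end - start).total_seconds() / 3600, 2)
    return {
        "restorable": True,
        "last_trusted_backup": last.strftime(FMT),
        "rpo_hours": rpo_hours,
        "rpo_met": rpo_hours <= rpo_target_hours,
        "rto_hours": rto_hours,
        "rto_met": rto_hours <= rto_target_hours,
    }

if __name__ == "__main__":
    # Encryption began at 03:30; systems were back at 11:00 the same day.
    print(evaluate_plan(BACKUP_LOG, "2024-03-11 03:30", "2024-03-11 11:00",
                        rpo_target_hours=6, rto_target_hours=4))
```

In the sample run the 6-hour RPO is met (3.4 hours of data lost, from the 00:06 backup), but the 4-hour RTO is missed (7.5 hours of outage), which is exactly the kind of gap a recovery plan review should surface.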