One thing is clear when it comes to ransomware: everyone is a potential victim. From cities like New Orleans, which was rocked by a ransomware attack in December, to companies like Visser and Epiq Global, both of which were hit very recently, and finally down to each individual themselves, no one is one-hundred percent safe.
And these aren’t just threats. Real, harmful attacks happen at an astounding rate. Over 4,000 hacks occur every single day using ransomware alone. In other words, the “big attacks” that make the news aren’t the only ones occurring.
Ransomware is a term used to describe malware which encrypts files on the host system, making them inaccessible to the user. The program then demands payment usually in the form of a cryptocurrency, making it nearly impossible to track. Hackers threaten either to delete your data or release it to the public (aka “extortionware”).
Inc.com called ransomware “the number one cyber threat” of 2019, saying that things would only get worse for 2020 and beyond.
Ransomware can devastate a business. 86% of people say they are “not at all likely” or “not very likely” to do business with an organization that suffered a breach of credit/debit card information.
What’s more, within six months of getting hacked, 60% of small and medium-sized business go out of business. And while the FBI discourages victims of ransomware from paying the ransom to get their data back, people still do. In the last six-and-a-half years, victims shelled out over $144 million to (try to) get their data returned/decrypted.
Despite these shocking numbers, there is evidence that people are getting numb to data breaches. Comparitech says investors can experience “breach fatigue,” meaning they are less shaken by data breaches over time, leading to less significant drops in stock prices to companies that experience one.
That’s the trap, though: getting complacent. Thinking a ransomware attack won’t occur to you or your business (or assuming that, if one does happen, it won’t be so bad) is a pretty surefire way of making sure you’re not ready for one when it happens.
Therefore, you could say that having a plan is the best defense against ransomware. While that is completely true, it is also helpful to look at some more practical measures.
The first among these is to back up everything—and to do so frequently. For some companies, losing access to just a quarter of their data is catastrophic. Therefore, disaster recovery is an absolute necessity. Beyond just backing everything up, your recovery plan should follow a couple of principles.
First, never put all of your eggs in one basket. You don’t just need redundancy; you need diversity. Your backups should be separate from the servers themselves, and those servers should be run and maintained separately. In other words, your data should be siloed. Your backups should also be kept offline so they cannot themselves be encrypted by ransomware. An infected backup is just as useless as an infected drive or server.
Following this advice helps guarantee that when ransomware strikes, you won’t have to face the humiliation of paying the criminals what they want. You can just reboot to the previous backup you created six hours ago and quickly get back to one-hundred-percent operational status again.
An unfortunate truth about backups is that they can be expensive and time-consuming. But remember—they are critically important in the event of a ransomware attack, just as insurance is incredibly important in other aspects of your life. You don’t want bad things to happen, and you certainly don’t want to pay for insurance. But when something bad happens, though, insurance quickly pays for itself.
Luckily, all backup solutions are not created equal. The ones that your in-house IT department develops can be capital and labor-intensive. Turning to a trusted managed service provider, however, opens new doors. Not only are they IT experts, they have security solutions your business needs at an affordable rate.
That’s where Machado Consulting comes in. Our team consists of trained professionals you can trust to deliver the industry’s best practices for backups and disaster recovery. Let us work with you to develop a plan that works for your business. Reach us here or by phone at (508) 453-4700.