SMBs need to step up their game
Given both the scope and scale of the ransomware attacks being carried out by hackers worldwide, it’s clear that small- and mid-sized businesses need to step up their game when it comes to ransomware protection. It all starts, says Gibbons, with creating a strong perimeter defense and backing up their data and applications frequently. “First of all, it is essential that SMBs have the right combination of security solutions including backup. SMBs need protection on the frontlines including anti-virus software, email/spam filters, and ad blockers. t’s also crucial that these companies regularly update their various applications – something that often gets overlooked.”
That’s just the start of how SMBs need to harden their defenses against a ransomware attack. According to Gibbons, “Businesses need to have a backup and disaster recovery solution in place in the event that a ransomware attack happens. With a BDR solution, it can take a mere few minutes to roll back to a point in time before the attack hit and fully recover.”
Having a BDR solution in place means that, even if a company’s data has been compromised, it doesn’t have to pay the ransom. Right now, thirty-five percent of MSPs reported small business victims pay the ransom, 15 percent of whom do not recover their data. Those numbers can be lowered significantly if there’s a workable BDR solution in place.
“One piece of advice is to have a proper backup and disaster recovery solution in place because it means that if a ransomware attack does happen, the business does not need to pay the ransom – they can rely on the most recent backup and restore their data from that point,” says Gibbons. Another piece of advice for SMBs is to consider hiring a Managed Service Provider (MSP) because these MSPs are extremely familiar with cybersecurity threats such as ransomware.
Ransomware protection must extend beyond organization’s perimeters
Ransomware attacks are getting more sophisticated as well. The Datto report found that 26 percent of cloud-based applications – including apps that are hugely popular with SMBs such as Dropbox – might be at risk of a ransomware infecting attack. And the report also found that attacks are happening via devices – such as tablets used by workers outside of the office – that have little or no security protection.
It’s time for companies to understand how much of their business runs in the cloud, and how any cloud-based apps or cloud-based systems might be at risk of a ransomware attack. Keep in mind – advertisements for cloud-based apps that you see on the Internet or on TV never mention the security risks entailed or the need for ransomware protection from malware.
But that might be setting up SMBs for a false sense of security, says Gibbons. “Data stored in SaaS-based applications is not immune. Cloud apps such as Dropbox and Office 365 are hit with ransomware attacks and these are applications commonly used by SMBs. There is no single solution that can guarantee protection from a ransomware attack.”
And that might be the biggest single takeaway from the new Datto report: ransomware attacks are becoming so widespread and so sophisticated that companies need to take a multi-layered approach. This approach needs to include plenty of cybersecurity training for front-line employees.
“A multilayered approach is highly recommended, which includes anti-virus software, email and spam filters, updating and patching applications, ad and pop up blockers and cybersecurity training for employees,” notes Gibbons. “Cybersecurity training is perhaps the most overlooked and something that should be implemented by SMBs and enterprises alike.”
The good news is that, with proper training and the right ransomware protection in place, most ransomware attacks can be prevented. At some point, hackers will realize that trying to exploit a company’s defenses simply isn’t worth their time and effort.