An increase in ransomware attacks is raising red flags amongst the federal government’s cybersecurity community.
In fact, just recently, the United States Secret Service issued a security alert to American-based businesses, warning that foreign cybercriminals are targeting the millions of employees who have shifted to a work-from-home environment in response to the COVID-19 pandemic.
Dating back to September 2013, however, ransomware is not a new problem to strike the United States.
First designed to encrypt the personal photos and videos of home computer users, foreign cybercriminals have changed their attack vectors in recent years to instead target what they believe to be a more profitable market for their malicious crimes – American businesses.
As these cyber threats continue to grow in complexity and frequency every day, so do the costs associated with them.
In fact, research conducted by Accenture revealed that the average cyber-attack costs a small business nearly $200,000 and, of those who do fall victim, 60% close their doors permanently in six months or less.
These developments have left business owners feeling overwhelmed by cybersecurity.
One simple attack and the business that they’ve worked so hard to build could be shuttered forever. As a business owner myself, that’s intimidating, and I get it.
Fortunately, however, while these threats are terrifying, the good news is that this fear can be met with action. The power to protect their business lies in their hands, and to do so, business owners must employ these 5 steps:
1. Business owners must ensure every device on their network is utilizing a proactive antivirus software.
Notice I said proactive – that’s really important. The FBI and Department of Homeland Security all recommend this approach, known as application whitelisting, because it nearly eliminates the risk for bad software to infect your computer.
Antivirus protection is your first and last line of defense for preventing cyber-attacks.
Be sure the solution you're trusting to keep your devices and data secure is taking a proactive approach to preventing these attacks, as many new attack methods make restoring networks post-infection nearly impossible.
2. Employees should only be allowed to use remote access when absolutely necessary.
And when they do utilize it – they must disable it as soon as they’re done.
This is so important that the FBI issued a public warning concerning cybercriminals and their use of remote ports to break into networks and deploy ransomware.
Keep these ports secure at all times – it’s very important to your network’s security.
3. Business owners must educate their employees on cybersecurity risks.
It sounds obvious, but the more your employees know about the current cybersecurity risks, and more so, cybersecurity hygiene, the better.
Think about it this way – if your employees know how to spot a phishing e-mail, they’re not going to click on it. Instead, they’ll be trained to report it, and the appropriate action can be taken to ensure everyone on your network is safe from this malicious attempt. The same can be said for other cybersecurity risks.
4. Insist that your employees only use their work device for work purposes.
Activities such as online shopping and checking their personal e-mails on a work device can open your network up to a variety of security vulnerabilities.
5. You must have strong password protocols.
All employees should be required to use a complex password. This means a mixture of upper- and lowercase letters, numbers, and special characters.
Additionally, employees should be required to change passwords every 3-6 months, and strongly urged to use a different password than they use for personal purposes.
Cybercrime is a real threat, and yes, your business could fall victim to it.
Precautions won’t be taken for you, but the power to take these precautions and protect your business is in your hands.
If you take these five steps, you won’t eliminate every risk, but your risk of becoming a cybercriminal’s next victim is far less likely.
Rob Cheng is CEO and founder of PC Matic.