A digital battle plan

Posted by & filed under Cybersecurity.

There’s a war going on in cyberspace. Criminal masterminds are reaching across continents into your office and taking files hostage. This faceless enemy can cause havoc to your business by encrypting important files, and demanding a fee to release them. This criminal activity is called ransomware, and last year 40% of New Zealand businesses were impacted by it (PWC).

Being proactive rather than reactive will help reduce the risk of becoming yet another victim and if you do have a ransomware attack, recover your files fast and get your business back up and running quickly. Having the attitude of ‘I’ll deal with it if it ever happens’ will leave you a sitting duck to the enemy.

Inadequate file recovery processes and no business recovery plan will leave you with only one hope of getting your files decrypted – pay up. Being cyber criminals, they’re not the most trustworthy people in the world, after paying the specified amount, they are known to demand more money.  Commanders-in-Chief tend to take the approach of not negotiating with terrorists – we prescribe to the same tactic.

4 strategies to defend your business against Ransomware attacks:

1) Guard you information (Anti-malware and backup files)

Having anti-malware software in place for digital business devices forms your basic armour against cyberattacks. However, if your system does get breached, having offsite backup files is essential for business recovery. myITmanager highly recommend that any backup files should be stored in a cloud system, rather than physically (eg USB stick).

Cloud backup files are:

  • Easier to restore if a system is compromised.
  • Usually automated, so easier to manage.
  • Less likely to incur human error.

2) Get your troops trained (Staff awareness of threats)

Having the technology in place to protect your business’ digital assets is not enough. Your staff need to be trained on how to identify and react to a potential cyber threat. Cyber criminals are sneaky. They are always trying to stay one step ahead of IT defence strategies, and often disguise viruses and ransomware as innocent email attachments (often called phishing).  One recent example of a phishing scam was emails disguised as Xero invoices.

It is important that staff members stay vigilant and refrain from clicking on things that are ‘not quite right’. Education on the latest cybercrime ‘trends’ will help to prevent enemy infiltration of your files.

3) Have a plan B ready (Business recovery plan)

If a harmful event does occur (whether it be ransomware, a natural disaster or something else), a business recovery plan is essential to help your business get back up and running quickly. Having all your key information in one document will make it easier to put your plan into action after a crisis. to learn about the four starting points for your business continuity/disaster recovery plan.

4) Call in the reinforcements (Engage an external IT security expert)

Sometimes it’s hard to stay alert to a threat that’s never happened to you before. Your priorities are more around the day to day running of the business, and security gets put on the backburner.

For businesses without a designated IT role it’s a wise idea to delegate all the technical stuff to external, expert providers, instead of trying to manage it yourself. Strengthen your army with some cybercrime combat ninjas.

A good external IT manager will:

  • Keep anti-virus, anti-malware and security patches up to date.
  • Train your staff on identifying threats (eg emails with viruses, links etc).
  • Advise of any new tools that will increase IT security.
  • Manage and monitor file back up to the cloud.

In a nutshell, they will give you the peace of mind that your important business files are in a digital fortress – as safe as they possibly could be.

The first step to forming a robust battle plan against cyber-attacks is to do an audit of your current systems and processes.

Find out how secure your IT system is, take a couple of minutes to complete our free online test. You’ll receive a detailed IT safety indicator report to see at a glance where your business is most vulnerable.