How To Protect Your Small Business From Ransomware
Written by: Jason Firch
In short, you can protect your business from ransomware attacks by:
In this article, we’ll discuss the rise of ransomware and its impact on businesses, and the latest trends and research driving these attacks.
By the end, you’ll be armed with practical and actionable steps you can take to protect yourself from becoming the next headline.
The Rise Of Ransomware On Small Business
Small businesses are often perceived as easy targets by threat actors due to their typically limited cybersecurity resources and internal expertise.
According to the State of Ransomware Report by Malwarebytes, ransomware attacks are at an all-time high.
In just four countries—the US, Germany, France, and the UK—1,900 ransomware attacks were recorded in one year.
In the US alone, there was a 75% increase in the average number of monthly attacks.
NCC Group also released its Threat Pulse for September 2023 citing a 153% (514 victims) year-on-year increase in ransomware attacks.
North America topped the list at 258 victims with healthcare seeing the greatest increase from the previous month.
Best Practices For Protecting Your Small Business From Ransomware Attacks
1. Provide Security Awareness Training
Employees are not only the first line of defense but also potential unintentional insider threats.
Despite the critical role of security awareness training in mitigating these risks, one third of companies do not provide training to their employees.
Unfortunately, even when security awareness training is provided, it often fails to effectively equip employees to thwart attacks.
This inadequacy stems from various factors:
The content tends to be mundane and unengaging, leading employees to rush through it without absorbing the crucial information needed to detect and respond to threats.
This approach is problematic because 90% of the taught content is forgotten within 1 week if not practiced.
Moreover, the challenge of delivering engaging in-person or virtual training exacerbates the situation, with many programs reduced to mere compliance checkboxes.
To counteract these shortcomings, a more robust approach is required. This involves continuous awareness training supported by the top levels of the organization. Regular training has been shown to reduce risk from 60% to 10% in the first 12 months.
Beyond basic phishing simulations, training should include custom campaigns with vishing and/or smishing, using collected data from department leaders to create the most realistic campaign possible.
Educating employees on recent industry-specific attacks and techniques through Breach Reports can also enhance their understanding and preparedness.
2. Implement 3 Factor Authentication
To prevent 99.9% of password compromises, it’s recommended that you implement 3 factor authentication.
3 factors of authentication include:
Google’s implementation of 3 factor authentication, involving a hardware token, has been a game-changer, as reported by Krebs on Security.
This method adds an extra layer of security, making it nearly impossible for attackers to gain unauthorized access.
In 2023, Google took this one step further by implementing passkeys in an effort to move away from passwords as an authentication method.
3. Microsegment Devices And Users
Microsegmentation helps prevent ransomware by dividing a network into smaller, isolated segments that are easier to manage.
In contrast, a traditional flat corporate network is susceptible to ransomware because the malware finds open paths to spread throughout the entire network.
In a survey of 1,200 IT and security decision makers, 93% of respondents said that microsegmentation is critical to help thwart ransomware attacks.
Microsegmentation implements highly specific least-privilege access controls between zones. It limits communication to only approved accounts, applications, services, and devices.
This approach restricts ransomware’s lateral movement, a common technique used to infect and encrypt multiple endpoints and servers.
If ransomware is detected within a segment, administrators can instantly isolate the affected area, preventing the infection from reaching other business areas.
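The lateral-movement argument above, as an added illustration that is not code from the article or from SecureTrust: a constructed inventory of hosts and zones, a flat "any-to-any" policy beside a least-privilege zone policy, and a reachability search that counts how many hosts an infection on one workstation could reach, including after responders quarantine a segment. All hostnames, zones and allowed flows are assumptions made up for the example.

```python
"""Blast-radius comparison: flat network vs microsegmented network.
Constructed example (not from the article). Hosts are nodes, the policy
decides which directed host-to-host flows are permitted, and a breadth-first
search counts how far an infection could move laterally under each policy.
"""
from collections import deque

# Constructed inventory: hostname -> zone (all values are made up)
HOSTS = {
    "ws-finance-01": "finance", "ws-finance-02": "finance",
    "ws-sales-01": "sales", "ws-sales-02": "sales",
    "srv-file-01": "servers", "srv-erp-01": "servers",
    "srv-backup-01": "backup",
}

def flat_policy(src, dst):
    # Flat network: every host may talk to every other host.
    return src != dst

# Constructed least-privilege policy: zone -> zones it may initiate flows to.
# Intra-zone traffic (workstation to workstation) is deliberately not listed.
ALLOWED_ZONE_FLOWS = {
    "finance": {"servers"},   # finance workstations reach the server zone only
    "sales": {"servers"},
    "servers": set(),         # servers never initiate connections outward
    "backup": {"servers"},    # backup pulls from servers; nothing pushes into backup
}

def segmented_policy(src, dst):
    if src == dst:
        return False
    return HOSTS[dst] in ALLOWED_ZONE_FLOWS[HOSTS[src]]

def reachable(start, policy, quarantined=frozenset()):
    """Hosts an infection at `start` can reach by following permitted flows.
    `quarantined` hosts are treated as isolated by responders and never entered."""
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for dst in HOSTS:
            if dst in seen or dst in quarantined:
                continue
            if policy(src, dst):
                seen.add(dst)
                queue.append(dst)
    return seen

def blast_radius(start, policy, quarantined=frozenset()):
    # Number of additional hosts exposed, excluding the initially infected one.
    return len(reachable(start, policy, quarantined)) - 1
```

Under the flat policy a single infected finance workstation exposes every other host; under the zone policy it exposes only the two servers, and quarantining the server segment brings the exposure to zero.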
4. Develop A Ransomware Response Plan
A Ransomware Response Plan is a blueprint to resolve a ransomware attack.
This sequence of steps begins with immediately identifying the extent of the attack and then isolating the infected systems to prevent further spread.
The plan also outlines strategies for securely communicating within the organization as well as with external stakeholders to maintain trust and manage public relations during a cyber incident.
As a result of this plan, 63% of organizations say they are successful in restoring their data when they experience a ransomware attack.
A business without a plan often finds itself unprepared, leading to prolonged operational paralysis and potential permanent data loss.
In the case of Garmin, their response to the ransomware attack was a textbook example of the plan in action.
Garmin’s first step was to recognize the breach and swiftly assess what systems were compromised.
Following this, Garmin took affected services offline, including:
Garmin’s response team then evaluated the impact on their data and infrastructure.
For Garmin, having a response plan allowed them to restore services and regain operational functionality with minimal impact to the business.
5. Keep Systems Up To Date
Monthly and weekly patching cadences put your organization at far greater risk of a data breach.
Instead, businesses should adopt a continuous vulnerability management program where systems are scanned and patched daily for discovered vulnerabilities.
This significantly reduces the risk to an organization by shortening the time a known exploitable vulnerability sits on your network.
Threat actors are searching for the lowest hanging fruit to maximize their revenue. Systems that have known exploitable vulnerabilities are exactly what they’re searching for.
With the proliferation of automation and now AI, the entire process of encrypting an organization takes under 45 minutes, with a median time of just under 6 minutes.
6. Regularly Back Up Data
Regular data backup involves creating copies of data stored in various formats:
However, relying on a single backup method can be risky. For instance, cloud services, if compromised, can lead to restored data still harboring malware.
Despite 92% of businesses having backups, 31% fail to restore data during a ransomware attack, often due to not implementing multiple backup methods or regular updates.
Having a multifaceted backup strategy enhances security by ensuring that if one is compromised, others remain intact.
Regular updates and testing of these backups also ensure they are free from malware and are operating as expected.
7. Have A Disaster Recovery Plan
Having a Disaster Recovery (DR) Plan is essential given that 96% of organizations experienced at least one downtime incident from 2019 to 2022.
Only about half of organizations have a DR plan, and around 7% never test theirs, yet a plan that is in place and tested can significantly mitigate the impact of a ransomware attack.
An effective DR Plan should include:
8. Perform Red Team Or Table Top Exercises
An alarming 70% of small and medium businesses feel unprepared for a cyberattack. Conducting Red Team or Table Top exercises may provide a solution.
In a red team engagement, an organization’s preparedness is tested against a variety of threats to identify security gaps, with the aim of improving its overall security posture.
In a recent report, 55% of respondents identify ransomware readiness as the most impactful benefit of Red Team exercises.
Upper management’s exclusive awareness of these simulations ensures that IT and security teams react genuinely, mirroring their response in a real crisis.
Table Top exercises focus on how an organization’s leadership reacts to simulated attacks.
This combination offers a thorough assessment of both the technical and procedural aspects of an organization’s cybersecurity readiness.
9. Work With A Virtual CISO
Working with a virtual CISO (vCISO) is a strategic decision for small businesses to strengthen their security posture.
vCISOs deliver high trust and deep experience, bringing a broad range of proficiencies and historical knowledge across industries.
A key responsibility of a vCISO is to design and implement effective response plans, ensuring that they are regularly reviewed and tested for readiness against security incidents, such as ransomware.
By collaborating with internal security teams, a vCISO provides insights into cybersecurity risks and enables management to make informed, data-driven decisions.
In addition, a vCISO is a cost effective resource, fulfilling security leadership roles without the administrative hurdles and costs of hiring a full-time employee.
10. Use Strong Password Policies And Management Tools
Threat actors frequently exploit weak passwords to gain access to key systems and then deploy malware onto systems to gain full control.
Password dumper malware, a type of malicious software designed to extract and steal passwords stored on a victim’s computer or network, was responsible for 40% of malware-related breaches in 2020.
Once threat actors have escalated their privileges and locked out admin access, they can begin to encrypt your data and demand a ransom payment.
Developing a strong password policy is one layer of security that can help prevent initial access to your account. However, social engineering techniques can easily bypass these methods.
With that said, it’s recommended that your organization enforce strict password policies including:
Password managers, like Dashlane Business, can help simplify the administration and enforcement of these policies across systems and use some of the highest encryption standards to prevent access from threat actors.
How SecureTrust Protects Small Businesses From Ransomware
SecureTrust addresses ransomware protection and prevention for small businesses through an affordable subscription-based model.
Implementation is easy with a 10 minute setup designed to get you back to work while seamlessly protecting your organization 24/7.
These services are fully managed by DoD-trained experts who work with your business to monitor, detect, respond, and proactively hunt for threats on your network.
Our Extended Threat Protection (XTP) services provide 3 factor authentication proven to reduce credential threat risk by 99.9% while reducing IT support tickets by 75% by simplifying password policies.
Our microsegmentation solution leverages Secure Access Service Edge (SASE) technologies delivered through Helios Cloud™ to provide comprehensive network security.
Finally, SecureTrust takes a continuous approach to vulnerability management ensuring all network connected devices, whether onsite or remote, are up to date with the latest security patches.
With SecureTrust, small businesses can confidently navigate the complex landscape of cybersecurity, ensuring your data and operations are safeguarded against the growing threat of ransomware.
Jason Firch
Jason is a proven marketing leader, veteran IT operations manager, and cybersecurity expert with 10 years of experience. He is one of the co-founders and CMO of SecureTrust.