It's business as usual at the office, until a ransom note pops up on your computer screen. Your files have been encrypted and the only way to get them back is to pay up. You've become ransomware's next victim, and getting your files back and your system up and running again is going to cost you, but not in the way you think.

Unfortunately, cyberattacks like this are becoming all too common for small and medium-sized businesses. In fact, an Osterman Research survey of 1,000 small and medium-sized businesses last year revealed that 35% of them were victims of ransomware attacks. 22% of the businesses surveyed had to cease business operations immediately because of a ransomware attack.

90% of those ransomware infections resulted in more than an hour of downtime and lost productivity, while 1 in 6 infections resulted in more than 25 hours of downtime.

The state of ransomware among SMBs

Clearly, it's more important than ever to protect your network from ransomware attacks to prevent downtime and lost productivity from devastating your business. Here's what you need to know to keep your business safe.

Education Is Key

Cybercriminals and hackers are getting smarter, but it isn't their knowledge of technology that is the real threat. It's their ability to convince human beings to click malicious links or open booby-trapped attachments that makes them so dangerous.

Many perpetrators craft their emails to look like they come from legitimate institutions, family members or friends. They may even pose as law enforcement agencies, the CIA or the FBI to scare users into paying ransom to avoid criminal prosecution.

To avoid falling for these tricks, everyone in your organization needs to be educated about these potential threats. Scheduling regular training sessions to discuss network security is one of the best ways to prevent cybercriminals from accessing your systems, whether they are fishing for information or launching a ransomware attack.

Topics that should be covered regularly include:

  • Software to avoid
  • The dangers of clicking links from unknown or suspicious sources
  • Browsing insecure websites
  • Accessing data from unprotected networks, such as public Wi-Fi

Establish and disclose clear security policies and make a plan to enforce them for everyone in the organization, from the staff interns to the CEO.

Use Strong Passwords for Everything

Remember the old saying that a chain is only as strong as its weakest link? That definitely applies to the use of passwords throughout your organization. Be sure that every employee sets up a strong password for EVERY device that they use on your network.

Strong passwords should have at least 8 characters and contain at least 1 number, 1 uppercase letter, and 1 symbol. However, longer passwords are even better.

Encourage your staff to create password phrases that make passwords more secure without being too difficult to remember. For example, a phrase like “My mother's chicken pot pie is the best!” makes a pretty strong password when you add numbers, uppercase letters and symbols to it, like this: MyMother'$ChickenP0tpieistheBEST!

Update All Software

Yes, software updates are a pain, but performing regular updates to your computer's operating system and software is essential to keeping hackers out and malware of all kinds off of your network. Set all software to update automatically, so this step never gets missed. Remember, human beings often have dreadful memories.

Invest in Antivirus & Anti-malware Protection

Be sure that every computer on your network has antivirus and anti-malware software installed to catch potential threats before they become a problem. Advanced antivirus software will monitor the behavior of your computers and not simply rely on signatures that can be out of date. It should also provide the ability to roll back an infected computer to eliminate an infection, so you never pay the ransom.

Add the Right Firewall

Invest in a professional-quality firewall to block incoming threats to your network before they ever reach your computers. A firewall purchased from a big-box store is not sufficient to protect your business. You need a firewall that is designed for small or medium-sized businesses. You’ll also need to make sure that your firewall is monitored and updated on a regular basis for maximum protection.

Monitor Your Network and Log Activity

Set up systems to monitor and log all network traffic that comes through your firewall, routers, and applications. Be sure to review this information on a regular basis to thwart potential threats.

Set Up a Secure Backup

In the event that your network is attacked by ransomware or other malicious software, you should have a secure, encrypted backup of all your data and files that can be restored at a moment's notice. Your backup should be stored offsite so it won't be destroyed in the event of fire or other natural disaster. Online backups are a great solution that is becoming more affordable for small and medium-sized businesses.

What To Do If You're a Victim

While cybersecurity is becoming more sophisticated all the time, no system is 100% bulletproof. So what should you do if you're the victim of a ransomware attack?

First, DON'T pay the ransom! There's no guarantee that your attacker will release your files, even after they receive payment. Paying the ransom also encourages more cybercrime against you and other business owners.

Instead, call an IT professional right away. Don't try to "Google" a solution or try to fix the problem on your own in order to save money. You could end up making the situation worse and extending your downtime even more. The best approach is to seek professional intervention as soon as possible.

Want to find out if your network is ready for the next ransomware attack? Get a FREE IT Security Assessment from the cybersecurity experts at FrogWorks!