CONTACT US: (954) 764-8040

Small Business Alert: Here’s How to Reduce the Risk of Malicious Technology

To view the original article from LAN Infotech click here.

Small Business Alert: Here’s How to Reduce the Risk of Malicious Technology

Governments and healthcare aren’t the only organizations hit with ransomware — small to mid-size businesses are huge targets. See how to reduce risk and recover after an attack.  

Big businesses are the ones that make the biggest headlines when it comes to ransomware: Baltimore is still suffering through a major attack, the city of Atlanta spent millions attempting to resolve their issues and the Cleveland airport was also hit with a major ransomware attack in early 2019. Smaller firms may not be as visible, but it’s happening to these organizations just as often. While the threat of attack is significant, there are key recommendations that IT security professionals share with their clients. The goal is to build layers of security, from ensuring that all patches are up-to-date to creating a robust backup and disaster recovery strategy. “There are really only two choices when your business is hit by ransomware. You can A, hope that you have a good backup or B, decide that if you want to go out and get your files back you have to pay that ransom”, notes Michael Goldstein, President of LAN Infotech. Here are some of the top recommendations from the security team at LAN Infotech, one of Florida’s top IT managed services firms.

1. Robust Backup and Disaster Recovery Strategy

One of the most important things that you can do as a business leader is to immediately deploy a robust backup and disaster recovery strategy. This includes ensuring that your backup meets the needs of your business; while some organizations need a near real-time backup, others are able to manage with a backup every five minutes or so. It’s a fine balancing act between the potential data loss and the cost of ensuring that every single transaction and change to your data is captured. More stringent backup measures are often required to maintain compliant in financial, healthcare, legal fields.

2. Deploy Proactive Security Measures

The best defense starts with proactive security measures that stop the majority of these attacks before they make it near your sensitive business systems and customer information. Content scanning programs and tough email scanning strategies can help reduce the possibility of falling victim to a ransomware attack. As you’re setting up email scanning, keep in mind that even the most innocent-seeming attachments from an unknown source could prove to be dangerous.

3. Ongoing User Training

Ensuring your users fully understand the potential damage that can be caused to the organization by an accidental click on the wrong link or attachment is mission-critical. Studies show that 96% of ransomware attacks originate in email boxes, with employees much more likely to fall victim due to social attacks than actual system vulnerabilities. While the majority of staff members do not click on malware when it comes in email form, there are still enough taking the bait and allowing cybercriminals to gain a foothold within the organization.

With phishing emails being the top delivery system for malware in 2019, education should extend far beyond not entering your username and password on a dicey website. Any simple file attachments such as a Microsoft Word, Excel or PDF file could easily be infected. If you open a file that arrived via email and it requests a login and password — think twice before taking that step. Common sense and awareness are the best ways to reduce the spread of ransomware. Be sure users know the trick of hovering over an email address to confirm that the text of the address and the actual address are the same. Even an email that appears to be from a trusted internal source could be a masked email masquerading as something more benign.

4. Maintain Antivirus and Anti-Malware Software

Simple antivirus and anti-malware software should be installed not only on your desktop computer and laptop but also on your mobile devices, too. Think of antivirus software similar to a flu shot — you’re never completely sure which versions of the flu will be the strain that is highest in priority for the year, but taking the flu shot still improves your chances for survival. Antivirus software isn’t a perfect solution, but it certainly adds a level of protection for your business.

5. Keep All Patches Current

If you’re on a Microsoft platform, patch maintenance is a vital part of your cybersecurity strategy. At the end of January 2020, Microsoft will no longer support Windows 7 — meaning the patches will no longer be available. Every time Microsoft releases a new patch, it might as well as a blueprint for cybercriminals to look for vulnerabilities. If you haven’t applied the provided patches, your system is open game for predators looking for an easy win.

6. Ensure Your Remote Connections Are Secure

Your staff members should always be aware that public WiFi is a dangerous proposition. You can’t trust that the free coffee shop WiFi is fully protected, and you should never connect to secure sites from a connection that is less-than-secure. Surfing the web for basic information may be fine, but even social media sites can be dangerous because anyone can capture your password — which might be used on other sites.

7. Limit Connections to Social Media and Streaming Sites

Are you seeing a bit of a productivity drain from your staff, but can’t figure out what’s happening? You might be surprised to learn the amount of time that people spend on social media and streaming video sites on a daily basis — much of it during working hours. Even staff members with the best of intentions can be distracted while looking up a quick video, and look up only to realize that 30 minutes or more has passed by and their productivity is quite a bit lower than expected for the day. DNS filtering software not only helps reduce the possibility of a cyberattack but can also block social media and other ‘sinkhole’ sites from your staff.

There are no easy ways to manage ransomware other than having an excellent backup. Most security professionals do not recommend paying a ransom, but without a secure backup that is easily accessible — you may not have other options. If you’re concerned that there are security issues in your business, it’s imperative that you contact a professional who has experience providing superior cybersecurity support. At LAN Infotech, we work with organizations of all sizes to ensure that your business data and applications are fully backed up and secure. Contact us today at (954) 686-8276 for a free initial consultation, or fill out our quick online form for more information about how we can keep your business safe online.