Protecting Your Business Against Ransomware and Phishing

Ransomware is a very common type of malware that can be very costly for the victim. The average ransomware attack costs a business £110,000. Keep in mind the amount of time lost whilst trying to get your data back and the overtime you would have to pay out to your staff. This is a lot of money, and with 58% of cyber-attacks being aimed at small businesses it is important that you and your staff are well educated about ransomware and the risks that it poses. Most ransomware is delivered to organizations via email. Your staff are all likely to have email addresses, and therefore they will be the biggest attack area. It is often the unaware staff who fall victim to ransomware, which then affects the rest of the business.

Being in the business of IT support, we see ransomware a lot, and we work closely with our clients to protect them.

What Is Ransomware?

Ransomware is a type of malware that limits or fully restricts users' access to their computers. In most cases the device becomes locked and the files are encrypted. The user is then shown a popup explaining that their data has been encrypted and that they will need to pay to get the key to decrypt or unlock it. We could go into detail on how ransomware works and what happens to a device once it has been infected, but the aim of this post is to explain in brief how to stay protected. It is worth reading up on ransomware and how it works.

According to 77% of businesses affected by ransomware are running an up-to-date antivirus. Antivirus won't give you 100% protection; nothing can, and targeted attacks are hard to fend off. It is important to have an antivirus solution in place whilst taking a layered approach to security, so that there are different lines of defence, and most importantly to keep your staff educated and aware of cyber security.

How to Stay Protected

Keeping your staff aware of cyber security, as mentioned above, is important and should be part of your strategy. Most malware is delivered by email, through the recipient clicking on links and attachments in the message. These emails are often designed to look legitimate, and their aim is to trick the recipient. Regularly testing and training your staff will help massively here: it keeps them educated and lowers the risk of them being affected by ransomware. Sophos have a training product called Sophos Central Phish Threat. This product lets you send simulated phishing emails to your staff, and then gives you the tools to see who opened the email, who clicked on the link, how many times, and so on. From this you can get the risky users to do one of the short five minute training modules provided in the product. You can send these emails as often as you want. It works well for testing your staff to find any vulnerability and for providing short and effective ongoing training. Keep in mind that most phishing emails contain some kind of ransomware, so having this kind of simulated training for your staff would be good business practice.

It is also important to take regular backups of your data, so that lost data can be easily restored, and to have a good, up-to-date antivirus installed.

Find out more

Click here if you would like to learn more about our cyber security services, or call or email us on 0208 518 8353.