Dealing with a ransomware attack during the COVID-19 pandemic could be a nightmare scenario. While the basics of protecting your organization won’t change during this pandemic, there are some additional challenges that should be considered.
Ransomware isn’t going anywhere
Criminal groups are increasingly switching to COVID-19 themed lures for phishing, exploiting your business’s and employees’ concerns over the pandemic and the safety of their loved ones.
There’s also evidence that remote working increases the risk of a successful ransomware attack significantly. This increase is due to a combination of weaker controls on home IT and a higher likelihood of users clicking on COVID-19 themed ransomware lure emails given levels of anxiety.
Some current ransomware lures include:
- Information about vaccines, masks and short-supply commodities like hand sanitizer.
- Financial scams offering payment of government assistance during the economic shutdown.
- Free downloads for technology solutions in high demand, such as video and audio conferencing platforms.
- Critical updates to enterprise collaboration solutions and consumer social media applications.
1. Get a Ransomware and Security Audit
Have an external service provider audit your business’s systems, configuration and internal processes. Their services might range from penetration testing to vulnerability risk assessments and more. Consider working with an outside expert who can help you identify vulnerabilities your team might not be aware of. You might have bigger blind spots than you realize.
2. Get Cyber-Security Insurance
Major insurance carriers now offer affordable cybersecurity policies. Like other forms of insurance, cybersecurity insurance will cover your business if you lose data due to a breach or ransomware. In some cases, these policies will even pay out ransoms if your data becomes inaccessible. Note that paying criminals should be your absolute worst-case scenario, but this gives you the peace of mind to sleep at night.
3. Develop a Data Protection Strategy
If you had your company audited by an outside source, would they identify a detailed list of security issues you can address, especially now that you may not always be in the office? For many businesses, it might be as simple as upgrading to newer and more sophisticated firewall, spam, antivirus, and backup solutions. For others, it could instigate a complex process involving a network infrastructure overhaul, new hardware, and more. If you and your team aren’t sure how best to proceed, consider working with an IT managed service provider who can do all of the heavy lifting.
4. Develop a Backup and Disaster Recovery Plan
Most businesses have data backups, but few have a plan for restoring data should something go wrong. Be sure your team has established recovery objectives and tested them to match your business needs. This helps your business determine how quickly systems must go back online if there’s an issue (RTO, or recovery time objective). It also establishes how much data your business can stand to lose if there’s a hardware failure, ransomware, or other issue (RPO, or recovery point objective). These metrics help your team develop a strategy that keeps downtime and data loss costs to a minimum.
5. Educate End-Users
The most iron-clad software and hardware are of no help if an employee is uneducated on basic cyber-security information. Part of your strategy should include a plan for helping your users spot and avoid ransomware. Many businesses hold mandatory quarterly simulations using emails that mimic various types of cyber-attack, and report back on the ROI of this. Your agenda should cover everything from ransomware to phishing to the growing threats from social engineering scams.
Conclusion
Investing in a ransomware strategy isn’t just a practical decision; it’s an essential one. While insurance can help if the worst happens, what happens to your reputation? What would your clients and prospects think? Rather than become a victim, take proactive measures now so you never end up being held up by criminals.
Businesses of all sizes depend on Focus backup services to safeguard data.