What if I told you that it’s been reported that 10% of security professionals paid ransomware demands at some point, and another 35% have admitted to circumventing company security policy?
It’s no surprise that humans are the leading cause of security leaks and data breaches. We’re constantly ignoring popup reminders to update software, clicking on unsafe emails and links, using open networks—the list goes on.
What is surprising is that IT and security professionals are among the top culprits when it comes to engaging in bad practices. What is a firm to do?
Sometimes paying a small ransom is simply the better business decision. A firm that has neglected its backups is at the mercy of, on one side, the attackers and, on the other, data-recovery and forensics specialists, and the nominal $300 or $600 demanded can be $10,000 cheaper than a forensic recovery effort. Two caveats apply even then: payment buys no guarantee that a working decryptor ever arrives, and because the attacker had access to the data, the incident still has to be investigated (and, where data was taken, reported) as a breach whether or not the ransom is paid.
Is it unethical to pay? Personally, I think not. Is it unethical to hand over your wallet in an armed robbery? The real question when it comes to ransoms is how to prevent them. Here are seven security best practices that work like magic.
Update Notifications
For IT managers, the first step is to notify users only when important security updates are available for their devices. The fewer update popups a user sees, the more seriously each one is taken; a steady stream of routine prompts trains people to dismiss all of them, including the one that matters.
Firms like Accellis work hard to make sure updates are handled automatically, so clients don’t even have to click and install them.
Single Sign On
Another step is incorporating a single sign-on (SSO) system, which lets users employ long, complex passwords while having to remember only one. The trade-off is that the one credential now unlocks everything, so the SSO login itself is exactly where the dual-factor authentication described below belongs.
Password Policies
Password policies should no longer be viewed as optional or cumbersome. Every firm needs a mandatory policy for strong passwords. The traditional rule is a 90-day rotation, which takes a fraction of the time of an oil change; be aware, though, that current NIST guidance (SP 800-63B) favors long, unique passwords that are changed when compromise is suspected over scheduled rotation, because forced rotation tends to produce predictable variations of the previous password.
Dual-Factor Authentication
Another must-have for critical systems is dual-factor (two-factor) authentication, where users must enter a password plus a one-time code that only they can produce or receive. This weeds out attackers who have the password but not the employee’s phone. Codes sent by SMS are the weakest form of the second factor, since they can be intercepted or redirected through SIM swapping; codes generated by an authenticator app, or a hardware security key, are preferable.
Firewall
You are probably tired of hearing about it, but the firm’s firewall is a must-have security asset. Whether you run a domain or a peer-to-peer workgroup network, you need an enterprise firewall to control what gets into the network. By blocking malicious content before it ever reaches a user, the firm removes the opportunity for accidental employee error. A good firewall costs as little as $50 per month, all in.
Training
One of the greatest improvements comes from training the firm’s team to protect themselves from malicious hackers. If everyone understands the basics of cybersecurity, your IT team has shrunk one of the broadest attack vectors there is.
The Magic Bullet: Backups
Hackers can kiss your ransom goodbye if you have adequate backups in place. True backup and DR costs as little as $99/month, so what are you waiting for? With full backups and cloud redundancy, you can restore your whole network in a matter of minutes or hours. Two conditions make a backup "adequate": at least one copy must be offline, immutable, or otherwise unwritable from the production network, because ransomware routinely encrypts every mapped drive and backup share it can reach; and restores must be tested on a schedule, because a backup that has never been restored is an assumption, not a backup. Problem solved.
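As an added example of what "adequate" has to mean in practice (this is not code from the original post or from Accellis, and every path, file and the stand-in "encryption" is constructed inline so it runs offline), the Python below keeps versioned snapshots, each with a SHA-256 manifest, and runs a restore drill: the simulated ransomware scrambles the live files and the newest backup, which is still reachable from the production network, so the restore has to fall back to the earlier snapshot that still verifies.

```python
"""Versioned backup snapshots with an integrity manifest, plus a restore drill.

Added example for this post; not code from the original page or from Accellis.
Everything here (directory layout, file contents, the ransomware stand-in) is
constructed inside a temporary directory so the drill runs stand-alone.
"""
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict, Optional


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def digest_tree(data: Path) -> Dict[str, str]:
    """Relative path -> SHA-256 for every file under `data`."""
    return {p.relative_to(data).as_posix(): sha256_file(p)
            for p in sorted(data.rglob("*")) if p.is_file()}


def take_snapshot(src: Path, backups: Path, label: str) -> Path:
    """Copy `src` to backups/<label>/data and record a manifest of its digests."""
    snap = backups / label
    shutil.copytree(src, snap / "data")
    manifest = digest_tree(snap / "data")
    (snap / "manifest.json").write_text(json.dumps(manifest, sort_keys=True))
    return snap


def verify_snapshot(snap: Path) -> bool:
    """True only if every listed file is present and its digest matches the manifest."""
    manifest = json.loads((snap / "manifest.json").read_text())
    return digest_tree(snap / "data") == manifest


def latest_good_snapshot(backups: Path) -> Optional[Path]:
    """Newest snapshot (by label) whose manifest still verifies, else None."""
    for snap in sorted(backups.iterdir(), reverse=True):
        if (snap / "manifest.json").exists() and verify_snapshot(snap):
            return snap
    return None


def restore(snap: Path, target: Path) -> None:
    """Replace `target` with the snapshot's data."""
    if target.exists():
        shutil.rmtree(target)
    shutil.copytree(snap / "data", target)


def simulate_ransomware(*dirs: Path) -> None:
    """Constructed stand-in for ransomware: overwrite every file with random bytes."""
    for d in dirs:
        for p in d.rglob("*"):
            if p.is_file():
                p.write_bytes(os.urandom(len(p.read_bytes()) + 16))


def restore_drill() -> dict:
    """Run the whole scenario in a temp dir; return which snapshot won and what came back."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        backups = Path(tmp) / "backups"
        live.mkdir()
        backups.mkdir()
        originals = {"client-brief.txt": b"brief for client A",
                     "ledger.csv": b"date,amount\n2024-01-01,100\n"}
        for name, content in originals.items():
            (live / name).write_bytes(content)

        take_snapshot(live, backups, "snap-0001")
        # Work continues after the first snapshot, then a second snapshot is taken.
        (live / "ledger.csv").write_bytes(originals["ledger.csv"] + b"2024-01-02,250\n")
        snap2 = take_snapshot(live, backups, "snap-0002")

        # The attack: live data and the still-reachable newest backup are both trashed.
        simulate_ransomware(live, snap2 / "data")

        chosen = latest_good_snapshot(backups)
        if chosen is None:
            raise RuntimeError("no snapshot verifies; nothing safe to restore from")
        restore(chosen, live)
        return {
            "snap2_verifies": verify_snapshot(snap2),
            "chosen": chosen.name,
            "recovered": {name: (live / name).read_bytes() for name in originals},
        }


if __name__ == "__main__":
    print(restore_drill())
```

The drill also shows the price of the fallback: the ledger row written after the first snapshot is gone, because the only copy that survived predates it. That gap is the recovery point objective, and the way to shrink it without exposing the backups is to keep the frequent snapshots somewhere the production network can only append to, not overwrite.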