Ransomware is one of the biggest forms of cybercrime that businesses of any size face today, so how can we protect against it?
Cyberattacks, in particular Ransomware, are on the increase in Australia.
The average remediation cost of a ransomware attack in Australia is $1.12 million
The Essential 8, employee training and the use of Business Continuity technologies will put your firm in a strong position to defend against these threats.
Think your business is too small to attract threats? Big mistake.
Cyber criminals don’t generally target individuals or businesses – they target vulnerabilities. A business of two is as prone to attack as a large corporation if a vulnerability is detected. According to data from the Global Economic Crime Survey captured by PWC, 60% of all targeted attacks in Australia struck small and medium sized businesses.
So what can you do to protect your firm?
1. Start with the Essential 8 – The Australian Cyber Security Centre (ACSC) recommends 8 strategies to assist organisations in protecting their systems against a range of adversaries, known as the Essential 8. The Essential 8 should form the basis of your cyber security strategy.
The Essential 8 strategies are:
- Application Control – to prevent execution of unapproved /malicious programs
- Patch Applications – ensure your applications are kept up to date with the latest versions and security updates
- Configure Microsoft Office Macro Settings – Macros within Microsoft programs are commonly used to deliver malicious software such as malware. Block macros from the internet and only use trusted macros
- Application Hardening – Audit what applications are in use and what vulnerabilities may exist. Remove applications not in use or considered risky
- Restrict Administrator Privileges – only provide administrator level access to those really requiring it
- Patch Operating Systems – ensure your operating systems are kept up to date with the latest security patches
- Multi-Factor Authentication – implement multi-factor authentication across all key applications
- Daily Backups – regularly backup all data and store a copy securely off site, disconnected from your network
2. Training all staff on cybersecurity best practice
Employees are a security risk when they are unaware of what they should and shouldn’t be doing. They may be unaware of the risk of connecting to an insecure Wi-Fi network, how to identify a potential phishing email, or the dangers of installing illegitimate apps.
Organisations should look to ensure all employees undergo regular cybersecurity content and awareness training and that best practice is communicated to all staff.
3. Employ the use of specialised Business Continuity technologies that not only detect potential Ransomware, but also allow you to quickly roll back to a previous version of your data from before the Ransomware attack took place.
Regardless of the size of your firm, you are a potential target of cybercrime. Consult with an expert to get ahead of the game and employ strategies that mitigate the risk of these attacks.
Haydn Corbett is the CEO of Technicalities Group Consulting, an IT Consultancy specialising in Cyber Security strategies for businesses. Technicalities provide advice and services to a number of Legal Firms and are certified IT Partners of Leap Legal Software.