In a recent article about ransomware and the effect it has on small businesses, the author states that “security experts say the first thing to do after a ransomware event is to upgrade security and backup processes.”
I had to read that twice before I realized how true it was and how erroneous the statement is. If an IT consultant is taking these steps after the fact, then they have failed to adequately protect their client. I cannot see working that way – it is backwards, last-generation thinking.
You want to engage with an IT consultant who prepares an entire range of security measures for blocking the possibility of ransomware from affecting your small business in the first place. Implementing heightened security and backup after the fact won’t cut it; security measures have to be implemented before a calamity occurs.
A new proverb in our industry states that “there’s at least one employee in the office that will click on anything.” And because that is more often true than not, you need more than the standard list of preventative measures in place, which consist of:
- Making sure you are running a robust security solution (Internet security, anti-virus, and anti-malware)
- Keeping the operating system up-to-date
- Avoiding the use of plug-ins (such as Java, Adobe Flash, and Silverlight) in your web browsers
- Being careful with email attachments and links in emails from people you don’t know
While those steps are usually issued to help safeguard home users, a small business owner also needs to include the following elevated measures:
- Employing an advanced Unified Threat Management device (firewall)
- Enabling server and desktop backup to a local device and the cloud
These additional measures should help obviate the advice given by the sources the article’s author cites.
However, the most important step any security-conscious IT consultant must take is to ensure that appropriate employee education takes place on a regular basis. This is because the ransomware threat landscape is constantly evolving. Cybercriminals have found a highly effective and lucrative approach to illegally making money. As new forms of socially engineered threats appear, employees must be reminded and their awareness must be sharpened to distinguish between a valid email and a new phishing threat.
If you want this kind of training for your staff, contact me for further information. Don’t be a victim of ransomware!