Ransomware

What small businesses need to know about avoiding Ransomware

Ransomware is an extreme computer virus that demands a ransom be paid within a few days. It encrypts the data on your computer system and, if the ransom is not paid, all the files on the computer will be deleted. This can be absolutely disastrous for any organisation.

As with a lot of computer security issues, prevention is significantly better than a cure. With that in mind, here are five tips for keeping your company safe from ransomware.

Back up your data

Those four words could give you all the protection you need against ransomware, which attacks files stored on unprotected computers. Cloud service providers devote a lot of resources to protecting their computers from such attacks, so keeping one back-up in the cloud is strongly recommended to offer a balance of security and convenience.

For ultimate security, however, you need offline storage too, such as an external hard drive. Keep at least one offline backup and store it securely; the last thing you need is to protect your data against cyber attacks only to have it stolen by a thief who took the physical media on which it was stored.

Teach your users basic digital security

These days, many workers need access to the internet and email to perform their jobs and, even though smartphones and tablets are commonplace, companies often allow a certain degree of personal internet usage for the sake of staff satisfaction.

Online access brings exposure to digital dangers, but most of these can be easily avoided with a bit of basic education.

It may be tempting to assume that younger workers in particular will be “digitally savvy”, but assumptions can get you into trouble. Give all employees training on basic cyber security. You can add value and relevance by including information on how they can protect themselves at home, too, and what steps they can take to avoid ransomware and other malware.

Enforce good digital behaviour in the office

Employees need to be made aware of what sort of digital behaviour is expected of them when at work and what sanctions can be applied if they refuse to cooperate with this. While ‘carrots’ are often more effective than ‘sticks’, the importance of your employees playing a role in keeping your organisation safe online should not be underestimated.

Use automation to promote compliance

Minimum password standards – such as requiring a capital letter and a number within the password – probably annoy pretty much everyone when they’re trying to register a new account, but there’s a very good reason why they’re so widely used. Using password-management software can make using unique and difficult-to-crack passwords a far more realistic and streamlined prospect.

Likewise, while you will want to educate your employees to identify phishing emails, ignore spam and only download/open attachments from secure sources, you also want to stop them getting the chance to act on a phishing email, spam message or unsafe attachment (however innocently) in the first place.

As an employer, you need to take responsibility for overall IT security, including anti-malware protections, firewalls and email filtering.

Access controls stop rotten apples from spoiling the barrel

It’s a horrible thing to say, but a rogue employee (or temp, or contractor) can do a lot of damage if they have access to sensitive systems. With this in mind, all employers should be managing access (physical and digital) on a “need-to-have” basis and making routine checks to ensure that staff who have access (to places, systems or data) still require it.