December 10, 2020

How to build a ransomware defense strategy for your business

Updated May 7, 2024

As cyberattacks on businesses continue to increase, make sure you have a ransomware defense strategy in place to protect your company's assets.

We have all heard the stories — a city, hospital network or large organization suffers an insidious ransomware attack. The breach impacts the privacy and data of hundreds of thousands of people and adds up to multimillions of dollars to repair and rebuild the data infrastructure and reputation of the entity. If you think it can’t happen to your small or medium-sized business (SMB), here’s your official notice. It’s time to build a ransomware defense strategy, because you may be next. It’s also past time to add cyber coverage to your toolbox.

Cybersecurity industry analysts warn that SMBs are at ever-growing risk for cyberattacks. Hackers, it seems, have discovered that many SMBs are not paying attention to their cybersecurity. Ransomware attacks, in particular, have skyrocketed over the past several years, and the pace is only increasing. Ransomware attacks continue to be the fastest growing type of cybercrime, with Cybercrime Magazine projecting, in early 2024, that: “The frequency of ransomware attacks on governments, businesses, consumers and devices will continue to rise over the next 8 years and reach every two seconds by 2031.”

What is a business to do? The first step in your ransomware defense strategy is to put in place protective information technology (IT) measures — the sooner the better. The second step is to train employees on how to stay safe. The third step is to make sure you have an appropriate level of cybersecurity insurance to protect your business assets.

Ransomware basics

A ransomware attack is when a cybercriminal takes control of an organization’s computer systems or data by planting malicious software (malware), undetected. The ransomware enables the hacker to lock down programs; encrypt data, making it inaccessible; or even steal data. The hacker then demands the payment of a ransom — sometimes more than once — to release the programs or data. Even worse, regardless of payment, the hacker may choose to publicly leak or sell company data or the personal and financial information of anyone in the system, including customers and employees.

According to the latest Cyber Claims Study by Net Diligence, ransomware attacks continue to account for a large percentage of cyberattack insurance claims. The study found that in cyberattacks from 2018 to 2022, the average ransom demand increased from $60,000 to $555,000. The study also found that ransomware remains the leading cause of loss for SMBs. The average incident cost was $175,000, with the cost of crisis services coming in at an average of $103,000. These costs are enough to drive a company out of business.

And, as working from home has increased, so too has the number of ransomware attacks.

How hackers get in

Two of the top entry points for ransomware infiltration are (1) improperly secured remote desktop protocol (RDP) connections and (2) employees who fall for phishing e-mails.

Many companies let employees reach their file servers through insufficiently secured RDP. A properly secured remote-access system requires additional safeguards to thwart hackers, such as a firewall and encryption technology. Additionally, if your company server's password is "password," you should probably think about making your login credentials harder to guess and changing them regularly.

Another troubling point of entry arises when an employee falls prey to a phishing attempt. In fact, the vast majority (more than 90%) of cyberattacks begin with the more finely targeted e-mail tactic called spear phishing, in which cybercriminals target a specific person or department.

Phishing e-mails are very effective delivery mechanisms for ransomware. Phishing often involves enticing the victim to click on unsolicited links or visit a hacked or untrustworthy website. The victim may then divulge sensitive information, such as the RDP credentials, or click a link that downloads malicious code onto their computer. Either way, the hacker gains entry to the computer system and wreaks havoc.

What you can do to protect your business

Your ransomware defense strategy should include the following actions as a starting point:

First, put in place protective IT security measures:

  • Work with a knowledgeable IT specialist to initiate proper protections and provide needed training.
  • Make sure you have the most current versions of your software, applications and operating systems and that they are updated regularly.
  • Ensure that your anti-virus and other cybersecurity software are operating correctly and are set to automatically update.
  • Create a disaster-recovery plan that includes strategic planning and documentation for rescuing your data in an emergency situation.

Second, train and require management and all employees to do the following:

  • Create secure passwords and update them frequently.
  • Guard company credentials and passwords carefully.

The third step is to make sure you have an appropriate level of cyber coverage to protect your business from cyberattacks. This may involve data breach coverage or cyber liability insurance.

The checklist above is a starting point for building a ransomware defense strategy. If put into practice, it will help you keep your organization's important systems and sensitive information out of the hands of cybercriminals. You should work with a qualified IT professional to put these practices and more into place. Far more detailed cybersecurity checklists are also available from insurance companies and cybersecurity sources. Your Bradish agent can help you obtain the most effective cybersecurity insurance coverage to protect your business.

by Kris A. Mainellis