When it comes to ransomware, big businesses get all the attention in the press, which might lead one to think that this kind of cyberattack only targets companies with a big name. But this is far from the truth. On a global level, 43% of attacks are aimed at small and medium-sized businesses (SMBs). In fact, as we’ve recently seen in PandaLabs’ quarterly report, SMBs have a much higher probability of becoming infected with malware. This is because although cybercriminals know that attacks on large companies are more profitable, they are also aware that SMBs have fewer protective measures in place.
Don’t underestimate cyberattacks
Although half of the problems in cybersecurity stem from malicious activities, the other half can be chalked up to a simple lack of preparedness on the part of the victim: carelessness in clicking on links, lack of awareness, inadequate information, and similar shortcomings. And let’s not underestimate the potential costs of these attacks, which can be so damaging that, according to statistics, up to 60% of small businesses never recover.
Make sure your computers are prepared
The tools you use are decisive to the level of protection that your devices achieve. A defense mechanism able to protect against malware of all types, even before it becomes active, is indispensable. These tools should, for example, be able to monitor the activity of your computer in real time. Panda Adaptive Defense combines state-of-the-art protection with detection and remediation technologies as well as the ability to classify 100% of running processes. This allows you to secure your network against both external and internal attacks.
Avoid system mobility
In a perfectly controlled network, the contingencies that could endanger the system are reduced to almost zero. However, as soon as IT employees clock out for the day, that control is lost. Keeping the system isolated, maintaining no contact at all with personal networks or devices outside the working environment, is the best way to avoid this.
Use secure solutions
When it comes to payments, data transfers, and other sensitive operations, we must take into account all manners of security. Using adequate encryption methods, reliable certificates, and secure payment platforms is essential to maintain the “purity” of data. This should of course go hand in hand with active security solutions that are able to detect data theft or “smuggling”.
Regarding this last point, this threat often stems from employee mistakes or from pure chance, and its impact can be reduced enormously with some educational measures and behavior monitoring. Which leads us to our next point…
Educate your workforce
Employees must be made aware of the danger they face when we talk about cyberattacks. Due to their lesser involvement in the future of the company, it is more difficult for an employee or collaborator to pay attention to the errors that could open the doors to a hacker. That is why it is imperative to explain to them the hazards of poor security practices, to provide them with working protocols, a list of prohibited actions, and to explain how problems stemming from cyber activity are solved. And not only in case of emergencies. These things must be taken to account in everyone’s day to day.
Never forget your passwords
Passwords are that thorn in security’s side. Few users are really aware of the value of a password and how relatively easy it is to circumvent it. A password of a certain length that includes alphanumeric characters, uppercase and lowercase letters, and symbols will increase its strength. It is also advisable to change them from time to time, and the same one should never be used for more than a year.
Although there are solutions and companies dedicated exclusively to safeguarding companies’ data, the value of backups should never be underestimated. Ransomware doesn’t only affect large companies. SMBs can also be affected, and for them it can be deadly. Solving this problem would be relatively simple by maintinaing consistent backups of sensitive data. This can (and should) be done both at the general level of the system and at the local level of employees. But you have to do it properly to avoid compromising the company’s data. It is not a simple task, at first, but with some training, it should become second nature. And it could ultimately save your business.