Free Enterprise - The FindLaw Small Business Law Blog

How to Protect Your Business and Employees From Ransomware

As hackers and cyber attackers get more sophisticated, preventing digital security breaches in business becomes more difficult. As soon as the good guys find a way to stop one virus, the bad guys write another two. Over the past few years, cyber attackers have set their sights on businesses that rely on digital data to operate. The goal in a ransomware attack is to gain access to the business's computer systems, then encrypt the business's files, and require the business to pay a ransom in order to have their files un-encrypted.

Ransomware targets can range from individuals to small businesses, big businesses, and even government agencies. Because every business is different, each business needs to create a digital security policy and digital emergency plan to protect the business and the business's employees.

Digital Security Policies

If employees use computers and/or need to rely on accessing a computer network or server for work, then your business needs to have a digital security policy. The policy should include having up to date and reliable anti-virus software installed on all devices, as well as regular digital security training and regular updates on the newest digital scams.

Providing employees with anti-virus software for their personal computers is suggested if employees use their personal computers to access work networks or perform any work whatsoever with sensitive data. Some businesses have even started fake cyber attack drills which test to see which employees actually open suspicious emails, click the links, follow the instructions, or, worse, download and install the files.

Another policy that can decrease a business's chances of getting targeted is reducing the number of employees that have access to company email and/or the internet even. Also, businesses should be using whitelist software,which prevents any unknown software, including viruses and malware, from being installed. Additionally, digital security policies should explain how information should be backed up.

Ransomware attackers are increasingly learning to target the most important data, as well as detect and delete/disable backups. Because of this, requiring off-site, third-party or even non-networked/cloud backups, such as to an external drive, might be advisable.

Digital Emergency Plans

Cyber attacks and hacks are something that businesses need to plan and prepare for, as anyone can be a target. Having an emergency response plan for various types of attacks can help streamline the process of going from hacked to back to work. One hospital, recently, was able to thwart a ransomware attack by just deleting their systems and reloading from a recent backup.

Working with a digital security specialist or expert to develop and regularly update, not just your digital security policies but also a digital emergency response plan should be done whether your office has one or 1,000 computers.

Related Resources: