How do you prevent your organization from becoming infected with ransomware?


Ransomware is on the rise; no one will deny that anymore. Where once the goal was to gain access to bank accounts, attackers are now getting paid to decrypt victims’ files.

How to avoid becoming a victim of ransomware

As a business owner, you don’t want to think about your organization’s files being encrypted by an internet criminal. Unfortunately, ransomware has only increased recently, and it does not look like it will go away anytime soon. There are now even providers that offer ransomware as a Software-as-a-Service (SaaS) solution, also known as Ransomware-as-a-Service (RaaS). In this model, a ransomware creator sells a software package, which other criminals then use to attack victims. In a ransomware attack, files and systems on a computer are encrypted and the hostage taker demands a ransom to release them. Companies and organizations that do not have backups, or whose backups are missing critical data, often feel compelled to meet this demand.

6 tips to reduce the risk of a ransomware attack

It is important for organizations to properly guard against ransomware. In any case, these 6 tips will help you ensure that your organization is more resilient to ransomware.

  1. Make backups using the 3-2-1 principle

The 3-2-1 backup principle is certainly not a luxury; the principle is as follows:

  • Make sure you have 3 copies of your most important data
  • Keep backups on at least 2 different media (e.g., hard drive and tapes)
  • Store 1 copy offsite

3 copies of your most important data
Make sure you store important data securely in three different locations, not in the same folder or on the same disk. The more copies of your data you keep in different locations, the lower the risk of losing it. Also check that your IT administrator is actually backing up your data.

2 different storage media
If several copies have been made, it is obviously not a good idea to keep them on the same device. In an age where viruses, malware and hackers are the order of the day, you run the risk (and that risk is high if you haven’t secured it properly) of losing all the data on the device where you stored it. Therefore, make sure you have a copy on at least two different storage media, for example a NAS and tapes.

1 backup offsite
Finally, it is important to have physical separation for your third copy, so make sure you don’t keep all the data in the same physical location. Keep in mind, for example, that a fire could break out or the premises could be broken into.
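The 3-2-1 principle can be checked automatically against a backup inventory. The following is an added example, not part of the original article: the inventory format, the field names (dataset, media, site, ok), the primary site name "hq" and the rule that only copies with a successful last backup job count are all assumptions made for illustration, and the sample rows are constructed.

```python
from collections import defaultdict

# Constructed sample inventory (not real data): one row per stored copy.
# "ok" is an assumed field meaning the last backup/verify job succeeded.
INVENTORY = [
    {"dataset": "finance", "media": "disk", "site": "hq", "ok": True},
    {"dataset": "finance", "media": "nas", "site": "hq", "ok": True},
    {"dataset": "finance", "media": "tape", "site": "vault", "ok": True},
    {"dataset": "hr", "media": "disk", "site": "hq", "ok": True},
    {"dataset": "hr", "media": "disk", "site": "hq", "ok": True},
    {"dataset": "hr", "media": "nas", "site": "hq", "ok": False},
    {"dataset": "crm", "media": "disk", "site": "hq", "ok": True},
    {"dataset": "crm", "media": "disk", "site": "dr-site", "ok": True},
    {"dataset": "crm", "media": "disk", "site": "dr-site", "ok": True},
]


def audit_321(inventory, primary_site="hq"):
    """Return {dataset: [violated rules]}; an empty list means 3-2-1 holds."""
    by_dataset = defaultdict(list)
    for row in inventory:
        by_dataset[row["dataset"]].append(row)

    report = {}
    for dataset, rows in sorted(by_dataset.items()):
        # A copy whose last job failed cannot be relied on for a restore.
        good = [r for r in rows if r["ok"]]
        media = {r["media"] for r in good}
        offsite = [r for r in good if r["site"] != primary_site]
        problems = []
        if len(good) < 3:
            problems.append(f"only {len(good)} usable copies (need 3)")
        if len(media) < 2:
            problems.append(f"only {len(media)} media type(s) (need 2)")
        if not offsite:
            problems.append("no offsite copy (need 1)")
        report[dataset] = problems
    return report


if __name__ == "__main__":
    for dataset, problems in audit_321(INVENTORY).items():
        print(dataset, "OK" if not problems else "FAIL: " + "; ".join(problems))
```

Note that the "crm" dataset has three copies and an offsite location but still fails, because all copies sit on the same kind of medium.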

  2. Provide a safe work-from-home environment

It is important to provide a safe home working environment for employees so that they can meet your organization’s security requirements even from home. You can read more about this in the article “How do you make sure your staff works from home safely?”

  3. Have the corporate network tested

To be more certain about the digital security status of your corporate network, it is important to have it properly pen-tested. This involves detecting potential vulnerabilities before they can be exploited by potential attackers.

  4. Make sure all systems are up to date

It is important to ensure that all business systems (e.g. laptops, computers, phones but also servers) are regularly provided with the latest security updates. This reduces the chance of hackers getting into your organization through vulnerabilities.

  5. Have a clear and strong password policy

It is important for employees to choose a secure password. To facilitate this, have a clear and strong password policy. A password length of at least 12 characters is recommended, with special characters, numbers, and uppercase and lowercase letters.

  6. Have a digital burglar alarm installed

To detect whether an attacker may be trying to get in, it is important to apply some form of security monitoring to the corporate network. This is just as important as having an alarm system for your office building. Security monitoring involves monitoring traffic to detect attackers: a kind of digital burglar alarm.

Want to know if your organization's corporate network is secure?

Do you want to know to what extent your company network is technically resilient to hackers? Please contact us. We will be happy to speak to you and do everything we can to assist your organization in these turbulent times in the field of IT Security!


Security incident? Get acquainted with incident response

Our incident response team is available 24/7 to identify and resolve any cyber incident

Emotet is so-called “polymorphic malware”, which constantly adapts itself to avoid detection. The malware is often used by cybercriminals as a springboard to gain access to corporate environments. Once inside, attackers often look for ways to gain further access to the network.

Read the full article: What is Emotet malware? And what does it do?

As soon as unauthorized persons access (or can access) personal data, there is a potential data breach. In many cases, organizations are required to report the incident to the Personal Data Authority (AP). The AP was established and designated as the regulator of the General Data Protection Regulation (AVG) and the AVG Implementation Act (UAVG). When a data breach occurs depends on the circumstances. For example, a data breach need not be reported if the risk to the rights and freedoms of data subjects is limited. This is in contrast to a case where an unauthorized person gains access to a customer’s passport or bank account number. After all, in that case, misuse of identity or financial consequences cannot be ruled out. Such incidents must be reported to the AP within 72 hours.

Read more: When am I dealing with a reportable incident/data breach?

Yes, we are available 24/7 for SMEs, multinationals, government bodies, educational institutions and non-profit organisations. Within three hours, an incident response (CERT) team is present at every location in the Netherlands (Wadden Islands excluded).

CERT stands for Computer Emergency Response Team. The designation is awarded by Carnegie Mellon University to companies and teams involved in digital security incidents. In the Netherlands, there are a number of official CERTs of large organisations involved in combating cyber incidents, such as the NCSC, the IBD, the Ministry of Defence, telecom organisations and banks.