How to Protect your Business Against Ransomware in 2021

When you are running a business, you don’t want the worry of having to deal with your IT and you probably don’t have time to schedule it in. You may even think that cybersecurity is not something of importance for your company, especially if you are a small business. However, statistics show that roughly 60% of small companies go out of business within six months of falling victim to a data breach of cyber attack.

If you are a business owner, ask yourself these three questions:

  1. Is my business safe against IT threats?
  2. Are my employees aware of threats online?
  3. Am I prepared for a disaster?

If you answered yes to all these questions and haven’t reviewed your current IT infrastructure in over a year, then it is more than likely your business is vulnerable to cyber attacks. One of the fastest growing threats, targeting all types of users at home and in business, is Ransomware.

WHAT IS RANSOMWARE?

Ransomware is type of malware that is designed to attack devices, preventing individuals from accessing their systems or the data that is held on them. From there, the attackers will demand that user’s pay a ransom, in the form of crypto currency, in order for their system to work again.

This type of malicious software is just one of the many moneymaking schemes that cyber criminals use, in which the malware is installed once the attacker has access to the user’s device. Cyber attackers can gain access into people’s devices through spam emails, phishing emails and other social engineering attacks.

Now, we understand that this may sound rather technical, but to sum it up, ransomware is when someone gains access to your data, encrypts it and then demands a ransom on said data so that you can get it back.

The Impact of a Ransomware Attack

A severe cyber attack, such as Ransomware, can be the cause of the downfall and demise of many businesses. Depending on the severity, the impact that a ransomware attack could have on your company is:

  • Temporary, or permanent, loss of your company’s data
  • Damage to your company’s reputation
  • Loss of customers
  • Financial loss associated with remediation efforts
  • Possible shutdown of your company’s operations
  • Legal consequences of breaching data protection and privacy laws.

Even though ransomware attacks occur each and every day, there are a couple of major attacks that have happened in the UK across the years. To show you the severity of what a ransomware attack can do to your business, here are a couple of examples of infamous UK cyber attacks.

 

WannaCry Ransomware Attack 2017 

In 2017, a series of ransomware attacks were released across the world known by the name WannaCry. The UK suffered dearly when the cyber attack swept through dozens of hospitals across the country, costing the NHS a total of £92 million. Around £72 million of the total cost was spent on restoring the systems and data in the weeks after the attack.

 

Manchester United Ransomware Attack 2020 

Towards the backend of 2020, the notorious football club, Manchester United, had fallen victim to a cyber attack in which the hackers were demanding millions of pounds in ransom. On top of that, the football club could have also faced fines of £9 million, £18 million or two per cent of their total annual worldwide turnover if the attacks were found to have breached their fans’ data protection.

THE RISE OF RANSOMWARE ATTACKS IN A PANDEMIC

In 2019, around a third (32%) of businesses report having cyber security breaches or attacks in the last 12 months. Only a few months later in late March 2020, it was reported that almost half of businesses (46%) report having cyber security breaches or attacks in the last 12 months.

Even though statistics for the overview of 2020 are yet to be collected, we can confirm that there has been evidence to show an increase in cyber attacks. As of October 2020, it was reported that there was an 80% increase in ransomware attacks in the UK in the previous three months, in which many hackers are choosing to take advantage of the mass remote working.

Naturally, cyber criminals will target individuals who they see as vulnerable, therefore people working from home are the perfect target. A mid-year report from BitDefender in 2020 found that coronavirus-themed threats had become the new norm, in which 4 out of 10 Covid-themed emails were spam. By preying on people’s vulnerability at home, combined with the fear of pandemic related social engineering attacks, it’s no surprise that the number of cyber attacks has risen.

Another issue is that at the start of the pandemic, many business owners were focusing in trying to find a quick solution for their employees to work from home. And let’s be honest, not many people thought that the pandemic would have continued on as long as it has!

But the reality is, the fast fixes that many businesses put into place at the start of the first UK lockdown are just not cutting it anymore.

There are two main solutions that companies turned to back in March:

  • Remote Desktop Protocol (RDP)
  • Virtual Private Network (VPN).

Remote Desktop Protocol (RDP)

What is an RDP? An RDP enables a remote desktop session for employees to use, in which they could then access their office desktop or servers from another device over the internet.

The Problem: A continuous problem with using RDP is that many organisations fail to ensure that the proper security measures are in place. Insecure RDP configurations are regularly used by ransomware attackers in order to gain initial access to their victim’s devices. And this is just the beginning of it…

Once the malware software has entered the system, it could also spread across the entire network, all through the RDP port. That means that not only is one of your user’s devices and data compromised, but now your entire business network as well.

Virtual Private Network (VPN)

What is a VPN? A VPN provides individuals with the privacy and anonymity when online by creating a private network from a public internet connection. They make use of IP addresses so that your online actions are virtually untraceable.

The Problem: You may think that having a more secure VPN will benefit your business. Well, the answer is both yes and no. Whilst you will have a more secure connection that previously, connection speeds and applications performance can suffer and decrease drastically.

Another side note is that hackers often use VPNs to gain access to networks. If your business has third-party vendors, and each vendor has full access to your network, then a hacker would have multiple entry points to break into and exploit your network using VPN traffic.

To summarise, both RDPs and VPNs can offer your business a quick fix, especially for remote working, however there are many issues and risks involved in this decision, such as:

  • Leaving your business data and employees vulnerable
  • Negatively impacting on workload productivity
  • Connection speeds suffer and fluctuate depending on when people are working.

Overall, these are not viable options for the future to come, especially if more employees wish to work part-time in the office and part-time from home. This will only leave your business system more susceptible to ransomware attacks.

4 Ways to Protect Your Business from Ransomware Attacks

Businesses are told to take a proactive approach in protecting their IT and business systems, and even though it is vital to protecting your business, you may not always have the time or money available.

That’s why with Citadel Technology, we protect our customers against cyber attacks, including ransomware attacks. We proactively take care of your system through Citadel’s Hosted Desktop, ensuring that your business can continue to operate safely. We help to protect your business by:

  1. Updates – We regularly apply the latest software and application updates, ensuring that the newest patches and fixes are implemented.
  2. Regularly cloud backups – Our backups are taken on a daily basis and stored in ISO accredited, UK-based data centres.
  3. 2 Factor Authentication (2FA) – We require all our users to complete our 2FA as an added level of security when logging into our system, ensuring that only you can verify that you are accessing your account.
  4. Email Security Measures – we implement anti-virus and anti-spam filtering on all your email accounts to help prevent phishing scams, malicious code and social engineering attacks.

If you would like to know more about how Citadel Technology could help to protect your business against Ransomware, get in touch with our team.

4 WAYS YOU CAN PROTECT YOUR EMPLOYEES FROM RANSOMWARE

Even though we can try and prevent cyber attacks with our various security measures, there is always a small risk involved with human error.

In fact, a report by the UK Information Commissioner’s Office (ICO) showed that 90% of UK data breaches were due to human error in 2019. This proves that alongside IT security measures, businesses need to inform and teach their employees how to safely work online.

  1. Educate your employees – By effectively raising awareness within your team, your employees will be educated on the warning signs and safe practices that they must follow when working on the business system, that way they can protect themselves.
  2. Enhanced passwords – Ensure that all your employees have a long and unique password, different from their personal passwords. It should also include at least eight characters, a combination of letters, numbers and symbols.
  3. Be cautious – If an email appears suspicious to you but it is from a known person, then call them to verify the legitimacy.
  4. Verify email requests – Even though Citadel work to block any spam emails through to your account, there is always the risk that one might creep through the cracks. If so, then make sure you verify the legitimacy. For more details on how to identify a phishing email, follow these tips on how to protect yourself.

WHAT IS THE FUTURE OF RANSOMWARE?

Ransomware attacks are nothing new, however they are become infamous for businesses across the globe. With the rise in cyber attacks in 2020, it predicted that attackers in 2021 will be targeting companies that are under pressure from the post-pandemic economic recession. Because of this, many companies are likely to cave to ransom demands.

By the end of 2021, ransomware is expected to attack a business every 11 seconds, according to Cybercrime magazine.On a global scale, this could accumulate to global damages reaching £15 billion, making ransomware one of the fastest growing threats in cybersecurity.

Conclusion

If 2020 has taught us anything about cyber attacks and tech related vulnerabilities businesses face on a day-to-day basis, it is that your IT budget should be considered vital if you wish for your business to survive.

As well as the future of your business on the line, the financial and legal consequences of falling victim to a ransomware attack will cost your dearly, even if your business does recover. With all this taken into consideration, organisations need to take a good look at their current cybersecurity measures and ask themselves “is this good enough”?

Talk to the Team

Now think back to the three questions we asked you at the beginning. Can you say with confidence that you are protected against cyber attacks, that your employees know how to stay safe and that you are prepared for a disaster? If you are unsure on your answers, then speak with the Citadel Technology team to see how we can help your business.

At Citadel Technology, we focus on helping business by providing a consistent experience anywhere, anytime and on any device. As part of our package, we include security management of your IT, ensuring that you can work in peace whilst we filter out malicious content and prevent cyber attacks.

Our aim is to get you and your team to working in a secure, managed environment, on the Citadel Hosted Desktop, looked after by our team. If you are interested in finding out more, then please do get in touch with us at [email protected] or give us a call on 0345 340 2120.