By Sandeep Bhambure, Managing Director, Veeam Software India & SAARC
In today’s interconnected and digitised world, organisations of all sizes face an ever-increasing threat of ransomware assaults. A recent report by CERT-In states that India witnessed a 53% increase in ransomware attacks in 2022 [1]. This speaks a lot about the frequency and volume of attacks that we are experiencing on a year-on-year basis. Given the present scenario, it is critical to defend your company from a permanent threat looming in the background, ransomware. Cyber-attacks can compromise critical data and result in considerable financial losses. To protect your company from this ever-evolving threat, businesses must take a proactive approach to cybersecurity.
This article will help you understand the 12 key tips to keep your organisation safe from ransomware, allowing you to protect sensitive data, ensure business continuity, and maintain the trust of your customers and stakeholders. By implementing these easy yet effective tips, you may strengthen your ransomware defences and lay a solid basis for your organisation’s digital security.
Tip 1: Being skeptical is always good
A recent report states that there has been an 18% increase in cyber attacks in India in the first quarter itself [2]. This suggests the frequency with which Indian organisations are falling prey to cyber-attacks. It is no longer about whether you’ve been attacked or when you’ll be attacked, but rather how often you’ll be attacked. Hence, being skeptical always works as it ensures you double-check before moving ahead.
Remember, if something sounds too good to be true, it generally is. Knowing the warning signals for phishing and social engineering will always help you and your business be aware and careful of such schemes. Do not click on strange links, open unexpected or suspicious attachments, or disclose information to someone you do not know or expect to hear from.
Tip 2: Use Strong Passwords and Passphrases
You have heard about this enough already, but it needs to be reiterated because no matter how routine this might sound, it plays a vital role in protecting your data. Leveraging passphrases to help create long passwords that are easy to remember but hard for others to guess is paramount. Don’t forget that the longer the password, the stronger the wall it builds against ransomware.
Tip 3: Slow down
Slowing down allows you to avoid making basic errors. It is critical to avoid using auto-completion in emails in order to prevent sending crucial information to the wrong recipient. Make sure you don’t unintentionally click ‘reply all’ when you only want to provide information to one individual in the discussion thread.
[1] India Ransomware Report 2022
[2] India records 18% surge in weekly cyber-attacks in Jan-Mar 2023: Check Point
Tip 4: Be aware of malware
Viruses, computer worms and Trojans can hide in legitimate-looking websites, free software packages online and phishing emails. Ensure you have an anti-malware program enabled and kept updated. This might aid your organisation in avoiding cyber fatalities.
Tip 5: Stay secure on the go
Remember that security does not end when you leave the office. Being aware of your surroundings and abstaining from discussing sensitive information such as banking details or medical information in public places where others can hear you are two simple strategies to cyber-proof yourself. Keep your device’s screens out of sight of others and, if possible, use a privacy screen. Use an external battery pack instead of public charging outlets to avoid ‘juice jacking.’
Tip 6: Know your data, protect it
When you are aware of the sensitivity of the information, protecting it becomes easier. Understand where you save your personal information, such as banking information, medical information, or account passwords. Determine which information would be the most damaging if it was known by someone else, such as items that could be used in identity theft or to gain access to your money. Protecting such information should be of utmost importance.
Tip 7: Limit access
You may hire the most trustworthy individuals to work for you, but that does not imply that they all require access to your most sensitive information. Consider who has access to your devices and, by extension, your information. Sharing a streaming service account may appear to be a wonderful idea until you realise your credit card information is also associated with the account. Granting access to vital data on a need-to-know basis is critical advice for data security.
This not only protects secrecy but also mitigates the impact if someone’s access is compromised. When given the option, employ multi-factor authentication to limit the damage that may be done if your passwords are stolen.
Tip 8: Stay secure online
If you understand that there are scams and risks lurking around every corner of the internet, you’ll be able to recognise and avoid them. Use secure networks; for example, if the Wi-Fi you’re using isn’t encrypted, use a VPN or another layer of security. Use bookmarks for key URLs to reduce your chances of falling for fraudulent dupes of the real ones. Avoid oversharing on social media because anything you publish, regardless of the privacy settings, is public.
Tip 9: Be security aware – report as soon as you sense a threat
Even with the best intentions, sometimes cybercriminals will win a battle. It is important that you know what to do if your information is stolen or your computer or any other device that contains important data becomes infected. Don’t wait until it happens to figure out the next steps. Have a game plan and report anything suspicious using the recommended methods in your country. If you receive something from your work email or device, follow your company’s cybersecurity incident reporting methods.
As it’s always said – it’s better to be safe than sorry. This applies to your organisation as well because it is critical that your company has a defined incident reporting and response process in place to help notify the security staff as soon as there is a danger. The sooner your staff is aware of it, the sooner they can take precautions. Communicate your preferred form of incident reporting to your staff on a regular basis so they know how to contact you.
Tip 10: If you’re able to connect it, you should know how to protect it
Common home goods have been transformed into little computers as the Internet of Things (IoT) has spread. With the convenience of each smart or connected thing, you increase the likelihood of that gadget being vulnerable to cyberattacks. As cloud services and personal devices used for work (BYOD) blur the perimeter of your business infrastructure, you must guarantee that your corporate policies include a requirement that every device used for work that can connect to the internet be protected. This could include anti-malware software, secure passwords, or access limitations.
Protect the object if it can be connected to the internet. Each device will necessitate a unique solution, but a general rule of thumb is that if you can connect it, you should protect it.
Tip 11: Back up your data
When you are directly responsible for ensuring that all of your devices that hold or carry vital information are secure, you may want a bit more of a safety net in case something goes wrong. Backing up your data on a regular basis allows you to rapidly restore your data and avoid losing family photos, movies, bank information, and other important information.
Tip 12: Train your users to be security learners
Cyber-criminals are continuously modifying their strategies as they learn about new security measures. You must commit to being a perpetual learner in order to keep one step ahead of them. Understand how cybercriminals think in order to detect fraud in its tracks.
As the digital landscape advances, the threat of ransomware remains a serious concern for businesses worldwide. However, by following the 12 recommendations listed above, you may fortify your defences against these fraudulent attempts. Remember to prioritise employee education, regularly update your software and systems, impose rigorous password restrictions, and deploy multi-layered security procedures.
Additionally, backing up your data, testing incident response strategies, and remaining educated about emerging threats are critical measures in maintaining a secure company environment. By adopting these safeguard methods and remaining attentive, you may dramatically lower the danger of becoming a victim of ransomware and assure the future prosperity and security of your organisation in today’s digital age.