The unprecedented global ransomware attack on Friday that disrupted the NHS shows just how vulnerable many organisations still are to attack.
Worryingly, a massive 84% of small to mid-sized UK businesses have no official ransomware policy in place to guide employees on what to do in the event of an attack, according to new research from Timico, an end-to-end managed cloud service provider, in partnership with Datto, a business continuity solutions provider.
The research report, entitled The Reality of Ransomware, polled 1,000 UK organisations that have been victim to an attack (500 of which were SMEs). The research found that almost three quarters (74%) of SMEs said that the effects of an attack were almost instant, with data systems going from fully functional to essentially useless within seconds or minutes.
For the majority (91%) of victims, systems were down for a week or more, causing £1,000s in financial damage a day to most businesses.
With security experts warning that another major attack could be imminent, it’s crucial that all organisations acknowledge the threat. Here are Timico’s top tips for preparing for and preventing a ransomware attack:
1. Get senior stakeholder buy-in, so all company ransomware prevention and response policies are communicated and enforced from the top.
2. Be proactive with your backup policy, and above all test on a regular basis.
3. Educate your users not to open or click on suspicious looking emails or attachments.
4. Up-to-date antivirus software should be considered essential.
5. Don’t get complacent – audit your historic backups; this is imperative if you have a multi-vendor solution in place.
6. Understand your Recovery Time Objective (RTO), i.e. how long can you afford to be down?
7. Understand your Recovery Point Objective (RPO), i.e. how much data can you afford to lose?
8. Encourage your users to keep their work and personal data and apps separate.
9. Don’t pay the ransom! It’s still highly unlikely you will get your data back, or if you do it will be in an unreadable format.
10. Do report the crime to the police. Many don’t, and as such attacks go under the radar. Don’t let cyber criminals get away with it!