Don’t let the headlines scare you.  

You can prevent ransomware.  

Maybe you’ve watched the NC State Bar and different firms land in the news. Maybe your firm has suffered from a ransomware attack. But whatever your experience, please know that your data isn’t doomed to encryption.  

Ransomware isn’t an insurmountable risk. It’s avoidable. It doesn’t need to happen.  

The fact that ransomware occurs tells me that many businesses are underserved by their IT vendors. Even though our clients include frequent ransomware targets, such as law firms and other professional service organizations, ransomware is a nonissue for us. As with anything, the key is following best practices.  

If you’re worried about ransomware, here are some ways to reduce your risk… 

1. Prevent ransomware by training your users.  

Did you know that untrained users are the entry point for ransomware?  

Cybercriminals usually succeed by tricking staff through phishing attacks and social engineering. 

While training your team will mitigate this risk, people make mistakes. That’s why you also need cybersecurity technology, which leads me to my next point…  

2. Have a solid technology stack.  

As I said, our clients don’t have ransomware issues. One reason is we use a robust security stack.  

Every firm needs a “security onion” with several layers, so that if a single tool fails, there won’t be a complete compromise in protection. On a very basic level, this security onion should include these safeguards:  

  • Antivirus software  
  • Network firewalls  
  • Cloud-based filtering  

Given today’s threat landscape, I recommend transitioning (if possible) from antivirus to a next-generation solution that’s managed by a security operations center (SOC). A benefit of this SOC is that it looks for signals of The Silent Bad Actor on your network. Later in this article, I’ll have more to say about The Silent Bad Actor.  

3. Ensure proper management of your technology.  

You can have top-notch technology—and still fail to prevent ransomware. All it takes is poor IT management or a poor methodology.  

Once again, the details matter.  

You need more than the latest cybersecurity solutions. You need an IT vendor that ensures your technology is functioning the way it was designed to operate. Proper governance is especially important in this era of working from home (WFH).  

Going back to those safeguards in the security onion, here’s what good (and bad) management looks like:  

4. Reduce your risk of sabotage.  

Another way to prevent ransomware is avoiding sabotage.  

What I’m referring to is ransomware that’s manually deployed by The Silent Bad Actor.  

To be clear, ransomware is a piece of automated software that encrypts your data and holds it for ransom. However, it’s possible for a human being, The Silent Bad Actor, to sneak onto your network and launch a very targeted attack. (In fact, The Silent Bad Actor approach was employed in the recent SolarWinds compromise.) This cybercriminal might vandalize your backups and then manually install ransomware.  

The Silent Bad Actor threat is one of my biggest concerns for small businesses, and it’s a reason I’m pushing a next-generation solution.  

Are you prepared to prevent ransomware?  

Your firm doesn’t have to be a ransomware victim.  

If you’re training your users, utilizing the right technology, and managing it properly, your risk is quite low.  

However, I realize that some readers may have suffered from an attack in the past. If so, I encourage you to pinpoint the “why” behind the compromise. Was it your tech stack? Was it an uneducated team member?  

Don’t forget that it could be your IT vendor. If you suspect this is the case, ask probing questions. Learn to recognize when you’re being given excuses:  

  • “Your AV stopped working.” 
  • “Your AV wasn’t updated.”  
  • “It got on Mary’s computer when she was working from home.” 

If you’re concerned about your firm’s exposure to ransomware, I encourage you to relay your questions to us.  

You can reach our office at info@weareproactive.com or 704-464-3075 extension 3.    

Here’s to a secure 2021, 

– Steve   

Steve Kennen, president of Proactive IT and cybersecurity expert

About Steve Kennen

As an expert in information technology infrastructure management, cybersecurity, and cyber risk management practices for small businesses, Steve spearheads initiatives that keep his clients secure and their business operations running smoothly. His core message is that the details matter.