Recently, the world has suffered a massive intensification in hacking. 2021 alone saw a terrifying 105% jump in ransomware cyberattacks. Certain sectors found themselves the focused target, such as healthcare which was rocked by a 755% increase. Oil and gas companies have found themselves under heavy assault, partly because of the wider damage that is attractive to hackers: whole supply chains can cease to function if energy supply is hit, with a cost to the economy running into several billions, so there’s a raised level of urgency to reach a resolution. High-profile casualties in 2022 have included payment issuers, which again produced widespread collateral pain across multiple industries: in one prominent example, production was lost for three weeks, with many further weeks of no payment being possible with cards in store or online.
Once ransomware has penetrated an organisation’s defences, it encrypts files and instructs its victims to pay a ransom payment for decryption. Ransomware has become ever-more lucrative and specialised: whole teams of coders now work on finding vulnerabilities and exploiting them in the most efficient way, then pass on successful breaches to experienced negotiators who are skilled at extracting the maximum possible ransom from afflicted corporations and governments.
An attack is often extremely difficult to recover from. Entire IT departments may have to spend months or even years on disinfection, and may still never be quite sure that they are clean. In addition to the large number of person hours, share prices tend to plummet, alongside less measurable costs include debilitated staff morale, alongside a loss of trust amongst customers and the wider public.
Sadly, it’s an undeniable fact that the risk of getting hacked, already high, is worsening; while that risk is higher for some, it’s present for everyone. In this context, there are certain crucial steps that IT managers should take to reduce their risk significantly.
1. Layer your security
Hackers are extremely determined and capable. So, they need combating with several lines of defence. Top-quality antivirus with a firewall is essential, but what are you running alongside it? Anti-executables can block colleagues from installing software that you haven’t approved. Ransomware prevention will block the most common ransomware from getting through. Think carefully about all your possible vulnerabilities, and construct as many barriers as possible.
2. Keep everything up to date
The developers of Microsoft Windows, and of every piece of software you use, are on the same side as you. They’re patching all the time in the arms race against hackers. So, give them the best possible chance of winning that race, by automating all your updates out of production hours. As soon as a fix is available, you want it live. If you’re running out-of-date applications on out-of-date operating systems, you’re unnecessarily opening yourself up to a breach.
3. Embed 2-factor authentication
A large proportion of office-based tasks are now carried out through the medium of cloud applications. Most of these now offer 2-factor authentication. This is a simple but highly effective blocker – even if a criminal gains password access, they’d typically need an employee’s phone or email to break through . You could even make a rule that you won’t run any software that doesn’t include this functionality.
4. Train your staff
It’s important to keep staff fully aware of the peril that lurks only one click away. Most people understand the basics, like mistrusting links and attachments, but since the slightest slip could prove catastrophic, they need regular reminding. This can be achieved in a number of ways, ranging from informal chats and circulating relevant news stories, to more secure options such as obligatory formal training that must be completed at defined intervals.
To find out more, watch our webinar on Youtube.
