SMB Ransomware Checklist

A people, processes, and technology approach to ransomware protection and mitigation

By Drew Schlussel
Senior Director, Technical Product Marketing

September 20, 2023

The threat of ransomware scares business owners in every industry. Unfortunately, this form of cyber attack continues to grow at an alarming rate. What’s worse, cyber criminals don’t only target large corporations—small to medium-sized businesses (SMBs) are increasingly just as likely to be potential ransomware victims.

Small to medium-sized businesses can be much more vulnerable to cyber-attacks because they don’t have the financial or organizational resources that larger companies have. That’s why having a multi-layered, evolving SMB ransomware prevention and mitigation checklist will help ensure that you, your employees, and your critical business data are resilient in the event of infiltration.

Ransomware is a type of malware that infects a victim’s computer or network and restricts users’ access until a certain condition is met. What cybercriminals can do with this power over your information runs the gamut. Ransomware has multiple types, and none of them are good.

Regrettably, the question isn’t whether you will be the victim of a ransomware attack, but when. However, while you can’t control the probability of being the target of this type of malware attack, you can determine how vulnerable your SMB will be when it does happen.

Ransomware prevention vs. ransomware mitigation

No matter how hard you try, you are not going to be able to thwart a ransomware infiltration if you find yourself in cybercriminals’ crosshairs. That’s a crucial realization to make as an SMB owner. In addition to focusing on ransomware prevention, ransomware mitigation should be your objective.

When trying to limit the impact that this kind of malware can have on your SMB, you need a three-pronged approach to developing and communicating an SMB ransomware strategy that considers your people, processes, and technology.

Creating an SMB ransomware playbook

This SMB ransomware strategy puts an emphasis on data protection and isn’t an exhaustive list of ransomware prevention and response action items. The Cybersecurity and Infrastructure Security Agency (CISA) has many tools and resources available to combat ransomware and other cyber attacks.

Good cybersecurity starts with your people

Even before potential employees become your people, you can begin your ransomware protection strategy. Here are some strategies to ensure your employees are not your weakest point of entry for a ransomware cyberattack:

  • Hiring process: Do your due diligence. Perform careful background checks on potential new employees. Individuals under financial stress are prime targets for cybercriminals; they can literally hand over the keys to your network or data for a small reward.
  • Ongoing cybersecurity awareness training: Most employees won’t intentionally subject your business to ransomware. But developers accidentally leave databases unsecured, while others accidentally fall for a phishing attack. You must invest in regular employee cybersecurity awareness training and testing.
  • Create a culture of security: Ransomware readiness is a team sport. You need buy-in at all levels of your organization on the importance of personal responsibility for keeping valuable IP and access to internal infrastructure safe.

Processes to protect your data

There are a number of processes you can implement, investigate, and test to ensure that you, your employees, your customers, and your organization are operating with the most up-to-date best practices.

  • System hardening: This set of tools, methods, and best practices reduces vulnerability in your software, data systems, and hardware by minimizing your system’s attack surface. There are a number of types of system hardening, including network, server, application, database, and operating system—you need a procedure for all of them.
  • Endpoint security: To accompany network security, endpoint security products protect the individual devices employees use at work, such as desktops, laptops, and mobile devices.
  • Readiness assessment and testing: Make sure to have a working survey that measures your organization’s technology, procedures, and overall ability to defend against ransomware attacks and mitigate their impact. Just as important, make sure you routinely test the effectiveness of your ransomware prevention checklist against as many attack vectors as you can.
  • Ransomware insurance: This type of cyber insurance covers financial losses, such as ransom fees and business interruption costs, as a result of a ransomware attack. Obtaining ransomware insurance is getting harder and more expensive, especially for businesses that cannot demonstrate that they have a robust, tested ransomware and data protection plan in place. Cyber insurance providers can even terminate a policy if a business cannot adequately illustrate they have a sound ransomware prevention plan.
  • User access: Virtually every successful ransomware attack happens as the result of an employee’s negligence. Compromised credentials are an active ingredient in many ransomware attacks, so be sure the manner in which your employees access your organization’s system is protected. Make sure you have secure password management, as well as multifactor authentication enabled. Enact software restriction policies, and make sure employees don’t have access to information or processes that aren’t required for them to do their job. A Zero Trust approach to security will serve you well in this regard.

Invest in the right technology

Nearly every instance of a successful ransomware attack happens because of an employee’s negligence. Ransomware prevention training is a necessary investment, but you must have “fail safe” measures in place to deal with the inevitable. Along with the people and processes portion of your ransomware strategy checklist, you need to invest in the right technology: layers of technology that help mitigate the damage that comes with a successful ransomware attack.

  • Data encryption: Encryption is a favorite ransomware tactic, but encrypting your own data also helps deter malware or hackers from accessing important information. Data encryption encodes your content, making it difficult to use without the encryption key.
  • IAM and multifactor authentication: Never share root account credentials. Every admin for every application should be assigned their own set of “right-sized” credentials through Identity and Access Management (IAM) or Role-Based Access Control (RBAC) tools. Using multifactor authentication (MFA) whenever possible will dramatically reduce the risk of compromised credentials and can help provide advance notice of breach attempts when multiple login attempts are thwarted.
  • Backup and recovery: You need to have a strategy in place where all your critical data is backed up securely on a regular basis, preferably using the 3-2-1 backup rule. The tried-and-true backup best practice recommends that you keep at least three (3) copies of your data on two (2) different media with at least one (1) copy offsite in the event of a local disaster. This could be a branch office, but more and more companies are leveraging low-cost and secure cloud object storage to store their secondary backups.
  • Immutable storage: Your last line of defense. Immutable backups cannot be deleted or altered in any way, not by you or anyone else, including bad actors, until a predetermined time (set by you) has expired. This protection was traditionally provided by an air gap, where the data is completely disconnected from a network or the internet. Modern cloud storage service providers, like Wasabi, are able to offer immutable storage or virtual air gaps through encryption and hashing.
  • Multi-User Authorization: For an even more secure ransomware recovery solution, choose a cloud storage service that requires multiple security admins to agree before acting on a storage account deletion request.
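
The 3-2-1 rule and the immutable-copy requirement above can be checked mechanically against a backup inventory. The following Python sketch is an added example, not code from Wasabi or the original post; the `Copy` fields, medium names, and sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class Copy:
    """One copy of a dataset (hypothetical inventory record)."""
    dataset: str
    medium: str                                  # e.g. "disk", "tape", "object-storage"
    offsite: bool
    immutable_until: Optional[datetime] = None   # retention lock expiry, if any

def audit(copies, now):
    """Return {dataset: [findings]}; an empty list means the dataset passes."""
    by_dataset = {}
    for c in copies:
        by_dataset.setdefault(c.dataset, []).append(c)
    report = {}
    for name, group in sorted(by_dataset.items()):
        findings = []
        if len(group) < 3:                       # three copies of the data
            findings.append(f"only {len(group)} copies, need 3")
        if len({c.medium for c in group}) < 2:   # two different media
            findings.append("all copies on one medium, need 2")
        if not any(c.offsite for c in group):    # one copy offsite
            findings.append("no offsite copy")
        # An immutability lock only protects while its retention is unexpired.
        if not any(c.immutable_until and c.immutable_until > now for c in group):
            findings.append("no copy under an unexpired immutability lock")
        report[name] = findings
    return report

# Constructed sample inventory (not real data).
NOW = datetime(2023, 9, 20, tzinfo=timezone.utc)
INVENTORY = [
    Copy("finance-db", "disk", False),
    Copy("finance-db", "disk", False),
    Copy("finance-db", "object-storage", True,
         datetime(2023, 12, 19, tzinfo=timezone.utc)),
    Copy("file-share", "disk", False),
    Copy("file-share", "disk", True,
         datetime(2023, 9, 1, tzinfo=timezone.utc)),  # lock already expired
]

if __name__ == "__main__":
    for dataset, findings in audit(INVENTORY, NOW).items():
        print(dataset, "PASS" if not findings else "FAIL: " + "; ".join(findings))
```

Note that the expired lock on `file-share` is reported as a failure: a retention period that has lapsed leaves the copy as deletable as any other.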

Finding an SMB ransomware prevention partner

If you are interested in creating and executing a ransomware prevention and mitigation strategy for your SMB but you don’t know where to begin, many companies offer a variety of services, from employee training to IT needs. But just as due diligence is part of a ransomware prevention strategy during the hiring process, it is equally important when choosing a ransomware prevention partner.

A good first step is to check out these excellent free resources from the Cybersecurity & Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST):
