Introduction

The number of organizations targeted by cybercrime continues to rise year after year. In fact, the most commonly reported fraud has become data theft, surpassing physical theft. Preventing the theft of digital information should remain a priority for organizations since hackers continue to target businesses of every size in virtually every industry. One nefarious business model has become lucrative for cybercriminals: ransomware. This article provides more information on ransomware, its impact and tips an organization can implement to protect themselves against ransomware attacks.

What is Ransomware?

Ransomware is a type of malware, or malicious software, which prevents organizations from accessing their important company files, computer systems or even their networks. While there are several types of ransomware, they all share a common goal: to have you pay a ransom.

Similar to other computer viruses, ransomware often finds its way onto a device by exploiting a security vulnerability in a software or by deceiving the user into installing it. Many times, the victims of ransomware attacks do not know their computer or device has been infected until the damage is done.

The Impact of Ransomware By the Numbers

According to the Cybersecurity and Infrastructure Security Agency (CISA), ransomware continues to have devasting impacts on organizations in the U.S.

• $84K – Typical cost of recovery from a ransomware attack

• $1 Billion – Estimated annual ransomware payments

• $7.5 Billion – Cost of ransomware to the U.S. in 2019

• $6 Trillion – Global costs of cybercrime by 2021, with ransomware making up a large share

Tips to Prevent Ransomware Cyberattacks

1. Practice Good Cyber Hygiene

Good cyber hygiene should be part of your organization’s everyday routine. A few good practices include:

• Enable strong spam filters to prevent phishing emails

• Authenticate inbound emails to prevent email spoofing

• Exercise caution when opening email attachments

• Verify email addresses or website URLs

• Install reputable anti-virus and anti-malware software and run regular scans

2. Regularly Backup System and Files

Keep files secure by backing up important files offline, on an external hard drive, or in the cloud. This can help protect against many types of data loss, especially if hackers gain access to one of your devices.

3. Install Software Updates and Patches

Keep operating systems, software, web browsers and applications current and up to date. These updates are particularly important because they often include software patches. Software developers issue security patches whenever they discover software flaws that could let in viruses or hackers.

4. Increase Employee Cyber Awareness

Restrict users’ permissions to install and run software applications. Restricting these privileges may prevent malware from running or limit its capability to spread through a network. Setting strong passwords is essential. This can include implementing two-factor authentication. Organizations should also consider only providing employees who require access to certain documents with read-only access.

5. Implement an Information Security Management System

Implementing an ISO 27001 Information Security Management System (ISMS) can help your organization manage and reduce the risk of cybersecurity attacks. An ISO 27001 (ISMS) provides a framework that helps organizations improve the security of their data, and ensure the confidentiality and integrity of their information.

How We Can Help

The ISO 9001 Group provides ISO 27001 consulting and auditing services to assist organizations with improving information security. From a gap analysis, to documentation design, to implementation, our consultants have the expertise to ensure information security compliance. Contact us today to learn how we can assist with your management system needs.

Author

Victoria Ontiveros | Marketing Coordinator 

Victoria focuses on creating quality educational content that provides value to current and potential clients. By collaborating with members of leadership and sales, she is able to develop informative articles that answer common questions and connect with current trends. Victoria earned her Bachelor of Science in Sociology with an emphasis in communications from Texas A&M University.