Type to search

Ransomware prevention measures for startups and remote companies

Anyone who manages, owns or runs a company focusing on the use of technology in its daily operations will have encountered some mention of Ransomware.

With telecommuting employees, insecure wifi networks, frequent and confusing software updates, It seems that a debilitating incident involving ransomware encryption is becoming a matter of if and not when for most companies. Unfortunately, simply having an antivirus or firewall is just not enough.

The COVID19 pandemic hit us so hard that businesses were forced to make a decision; close down or let employees work from home? While corporations have always been the target of hackers, they still managed to get a way around any attack. Big corporations generally have large cash flows, and paying a few thousands or even hundreds of thousands of dollars doesn’t really put a dent in their income.

Startups and remote companies at an increased risk of ransomware incidents

But this is where startups and remote companies find themselves at the crossroads of safety and work. With bootstrapped budgets, they are now considered an equally lucrative target by cyber criminals for ransomware attacks and usually end up struggling the most.

If you are a startup, small business or a remote company that started implementing a telecommute in 2020, you need to take into account how COVID19 can impact you. We understand startups and remote firms usually have limited options on the table, but that doesn’t mean you ignore risks and continue working unprotected.

According to a study by CyberSecurity Venture, 50% of the attacks staged in 2019 till date were against small businesses.

Small and medium businesses, the ball is in your court now. Here’s how to keep your startup secure:

1.Use a VPN

A VPN provides you with a virtual private network, masking an extra layer of protection between you and the ISPs. This makes it extremely hard for threat actors, hackers, and intelligence agencies tracking your online activities. VPNs enhance privacy through a virtual location and IP address, thereby safeguarding your data. While not a 100% foolproof way of preventing a ransomware attack, companies and individuals using VPNs tend to be safer than those who don’t.

2.Ethical hacking and software penetration

Also called white-hat hacking, ethical hacking is a way of legally penetrating and compromising a system, or network by cybersecurity experts to test and detect any vulnerabilities. We’d strongly recommend startups and small businesses hire a cybersecurity firm like BeforeCrypt to run ethical penetration testing and get a report on vulnerabilities.

This report is highly valuable as small businesses can then detect and patch these vulnerabilities to reduce their chances of getting compromised in the future.

3.Avoid using open WiFi networks

With millions around the world switching to work from home, open and public WiFi networks across the world in places like restaurants, bars, pubs, and cafes are frequently used by remote workers. Not only are these WiFi hotspots extremely unsafe, they can track all of your data, leaving your information in the hands of threat actors who may be intercepting traffic on said network. 

4.Do not connect USB devices

USB sticks are notorious for infecting computers. They easily catch malware and do not provide a high level of data safety. As a rule of thumb, never rely on USB sticks for transferring your data. Rather, go for cloud usage like Google, Dropbox, Amazon and Microsoft. They are far more reliable and economical in the long run as compared to using USB sticks and external hard drives.

5.Employees are your biggest asset, educate them!

Startups, your employees are the biggest line of defence against any virus attack. Invest in their cyber security education. Hire a cybersecurity company like BeforeCrypt on board to teach them how to remain safe online. It is a widely accepted fact that educated and well-informed employees are far less likely to click a suspicious link than their non-educated peers.

6.Strong passwords

We wish this point need not be mentioned in this article. Sadly, with so many attacks happening just because of weak passwords, we have to mention it. How difficult is it to create a strong password with capital & small letters, numbers and special characters?

Why is that everytime you sign up on Google, Yahoo, Microsoft, or any other reputable service provider, you are always asked to use a strong password? There has to be a reason, right? Using a strong password makes it extremely difficult for hackers to break in using bruteforce technology.

Well, we aren’t done yet. As a security measure, it is highly recommended to keep changing your passwords every now and then, at least once every 2 weeks.

7.Software updates and security patches

The biggest problem with software and Windows OS is software updates and security patches. We understand it’s a pain in the neck when every week or so a new update is available. There is a reason why it exists in the first place. Software development companies including the likes of Microsoft consistently perform penetration tests to detect vulnerabilities, and accordingly issue software patches and fixes. These patches have to be installed as soon as possible to close vulnerabilities and loopholes.

Final thoughts

Times are tough. But there’s a saying:

“When the going gets tough, the tough gets going.”

While governments, agencies, and businesses are still struggling, trying to navigate the rough waters of COVID19, now is a more pivotal time than ever to stay vigilant and secure your data. At the end of the day, data is everything.

Many startups are unable to operate after a ransomware incident and some of them even wind up their operations, filing for bankruptcies. Several incidents involve an employee opening up an email and opening what appears to be an office document, whereas in fact it’s the virus they were opening.

Just by investing in educating your employees on cybersecurity goes a long way in reducing your risks of being compromised by ransomware attacks.