Ransomware costs continue to increase year over year for SMBs. News headlines talk about multi-million dollar Ransomware breach costs, but those apply primarily to enterprises. For the average SMB, the costs are in the hundreds of thousands of dollars. $139,000 to be exact or 65% more than last year ($84,000).
Preparations have never been more important or simple for SMBs to train up their employees to fight the scourge of cyberattacks.
So, what does CyberHoot recommend you do to protect yourself from ransomware?
- Train your employees on the common attacks that are out there. From weak passwords and password managers, to the importance of multi-factor authentication and how to spot phishing attacks. Awareness is the key to defending your business.
- Govern you employees with cybersecurity policies including Acceptable Use, Password, Information Handling and a Written Information Security Policy.
- Establish cybersecurity best practice processes such as a Vulnerability Alert Management Process (VAMP) and a Cybersecurity Incident Management Process (CIMP) to guide and require action in the face of an emergency. Then move on onboarding and offboarding processes, SaaS management processes, and 3rd party risk management.
- Establish strong technical protections including: a Firewall, antivirus, anti-malware, anti-spam, multi-factor authentication on all critical accounts, Enable full disk encryption, manage the keys carefully, and most importantly, adopt, train on and require all employees to use a Password Manager.
- Finally, train employees on how to spot and avoid phishing attacks. CyberHoot has released a disruptive method of Phish Testing the fills in gaps in your employees knowledge without punishing them for failure. Instead we reward them for success. More info is available here.
CyberHoot believes that for many small to medium sized businesses and MSPs, you can greatly improve your defenses and chances of not becoming another victim of cyberattack if you follow the advice above.