Tuesday 9 Jan 2024 | 8 min read
How to protect your business from ransomware
Written by Michael Hayman, Content Writer
On 22 November 2023, the Australian Government released its 2023-2030 Cyber Security Strategy.
The strategy is a roadmap to cementing Australia as a world leader in cyber security by 2030. The Government has also released its 2023-2030 cyber security action plan to guide the strategy's delivery.
It comes amid a sharp rise in the number of cyber security attacks on Australian businesses in the 2022-2023 financial year. As reported by the Australian Cyber Security Centre, there were 94,000 cyber attacks reported by Australian businesses in 2022-2023. That's the highest number and increase on record.
[Graph: cyber security incidents reported by Australian organisations per financial year. 2019-2020: 59,806; 2020-2021: 67,500; 2021-2022: 76,000; 2022-2023: 94,000]
In developing the plan, cyber security leaders and government stakeholders debated whether to ban ransomware payments.
What is ransomware?
Ransomware is a type of malware (malicious software). Attackers encrypt their victims' files and demand a ransom payment to have them decrypted. Ransomware typically reaches your computer through phishing emails, malicious websites, or infected software. Ransomware is a growing problem, as it's fast becoming an attractive proposition for criminal syndicates. In February 2023, a prominent Italian water supplier fell victim to a ransomware attack. And it won't be the last, as cybercriminals increasingly channel their inner Batman villain and target critical infrastructure.
Is it illegal to pay a ransomware demand?
No. Although ransomware payments aren't recommended, making them is not illegal. But it might be in the near future.
Banning ransom payments is a global debate among cyber security leaders and governments. Those in favour of a ban argue that if victims can't pay, cyber criminals lose their incentive to commit ransomware attacks. On the other hand, sceptics believe ransomware attacks will happen anyway, and all a ban would do is make it harder, or near impossible, for businesses to recover their data. But the arguments of both sides are fraught with complexity. For that reason, while countries such as the United Kingdom and the United States have strongly discouraged ransomware payments, no country has outlawed them completely.
Throughout 2023, all eyes were on Australia to see if we'd become the first jurisdiction to make ransomware payments illegal.
In the end, the Government stopped short of enacting a ransomware payment ban, shelving the proposal for at least two years. However, Cyber Security Minister Clare O'Neil stressed a future ban would be "inevitable".
Stop ransomware before it hits
We've partnered with Fortinet, world leaders in cyber security, to offer enterprise-grade managed security at small business prices.
What happens if ransomware payments are illegal?
The looming ban on ransomware payments and its delay in Australia will have some critical consequences for businesses.
1) When ransomware payments get banned, recovering from attacks will be more challenging. Cyber criminals aren't in the business of returning your data once they realise it won't make them money. Instead, they'll find another way to profit off your data, like selling it to a third party.
2) As cyber criminals know the end of free-flowing ransom payments is near, ransomware attacks will ramp up. If your business has security vulnerabilities (as small businesses often do), it'll be a more attractive proposition for cyber criminals.
But whether the cost is the ransom payment, the cost of recovering, or both, ransomware devastates businesses, so avoid it at all costs. What can your business do to mitigate the threat of ransomware? Prevention will always be the best cure. Here are the steps you should take to prevent a ransomware attack in your business:
Ransomware prevention checklist:
There's no magic bullet to preventing a ransomware attack. Instead, you'll need a multi-pronged approach to defend your business against the ever-evolving ransomware threat.
Train your team to look out for malicious messages
A text about an Amazon purchase you assume your partner made or a toll road trip you don't remember taking? Is your colleague sending a short email in a slightly more formal tone? It's probably phishing. As with the examples above, phishing emails are so embedded into your day-to-day activities you might not notice that they're phishing. You must train your team to be alert to phishing attempts. If you don't have one already, develop a policy that acts as a playbook for dealing with suspected phishing attacks. Any policy should ensure your team knows to only click on links and download attachments if they're certain the source is a trusted party.
Update security patches
Set updates for your operating system and other apps to 'automatic', so your devices download them as soon as they're available. Security holes heighten the risk of infection by ransomware, but with automatic updates, you can patch these risks as soon as the software manufacturer addresses them.
Install an anti-malware program
Download and activate a quality anti-malware app on every device in your organisation. Anti-malware companies usually stay alert to new ransomware and provide malware-definition updates to users. Set your malware definitions to update automatically so you and your staff members stay protected as soon as the latest updates are available. You can get quality anti-malware systems for free. For example, Windows 10 comes with Windows Defender, which is updated regularly with ransomware definitions.
Back up your data
Ask your IT technician to schedule automatic backups at least once a day. While regular backups won't help you avoid a ransomware attack, they'll mean you won't lose all your information if there is one. Keep at least one copy offline or otherwise out of reach of your network, because ransomware that can reach a connected backup drive will encrypt it along with everything else. With up-to-date backups, you can quickly restore your files and daily operations without paying the ransom.
Filter emails and texts
Have an email-filtering system installed on your devices or IT system. Email filters block phishing and other suspicious emails from entering your server or devices. With email filters in place, users won't see the emails or get a chance to open them.
If you've got a business mobile plan, an SMS filter will help block suspicious text messages.
Use a firewall
An enterprise-grade firewall could protect you against ransomware coming in through vulnerabilities in a poorly protected network. And despite the promise of enterprise-level protection, enterprise-grade firewalls are affordable for all businesses.
To learn more about setting up a small business network that's secure and effective, check out our guide.
Configure Microsoft Office macros
Macros are programs that run automatically when you open a Microsoft file such as a Word doc or Excel spreadsheet. Macros enable key functions of Microsoft Office, such as formatting and automating repetitive tasks like data entry. But since macros can be embedded in standard file formats (including Word documents, PowerPoint slides and Excel spreadsheets), they're a common hiding spot for malware. Microsoft Office blocks macros by default, and you can configure your Microsoft Office settings to allow macros only from trusted sources.
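As an added example (not code from the original article or from any vendor it mentions), the PowerShell script below applies the "only trusted, digitally signed macros" setting described above through the Office policy registry keys for the current user, then reads the values back so you can confirm they took effect. It assumes Office 2016/2019/Microsoft 365 (registry version 16.0) and the Word, Excel and PowerPoint applications; on a domain, deploy the same values through Group Policy instead of running the script per machine.

```powershell
# Added example: harden Microsoft Office macro settings for the current user.
# Assumption: Office registry version 16.0 (Office 2016/2019/Microsoft 365).
# Values written under HKCU\Software\Policies are treated as policy and
# cannot be changed by the user from the Trust Center.

$OfficeVersion = '16.0'
$Apps = @('Word', 'Excel', 'PowerPoint')

function Set-OfficeMacroPolicy {
    foreach ($app in $Apps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        if (-not (Test-Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }

        # VBAWarnings: 1 = enable all macros (dangerous), 2 = disable with notification,
        # 3 = disable all except digitally signed macros, 4 = disable all without notification.
        # 3 matches "allow macros only from trusted sources".
        Set-ItemProperty -Path $key -Name 'VBAWarnings' -Type DWord -Value 3

        # Block macros in files that carry the Mark of the Web (downloaded files,
        # email attachments), regardless of the setting above.
        Set-ItemProperty -Path $key -Name 'blockcontentexecutionfrominternet' -Type DWord -Value 1
    }
}

function Get-OfficeMacroPolicy {
    # Read the settings back so the result can be checked or logged.
    foreach ($app in $Apps) {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            App               = $app
            VBAWarnings       = $props.VBAWarnings
            BlockFromInternet = $props.blockcontentexecutionfrominternet
            Compliant         = ($props.VBAWarnings -ge 3 -and $props.blockcontentexecutionfrominternet -eq 1)
        }
    }
}

Set-OfficeMacroPolicy
Get-OfficeMacroPolicy | Format-Table -AutoSize
```

The `Compliant` column treats both 3 (signed macros only) and 4 (no macros at all) as acceptable, so the same read-back function can be used to audit machines where an administrator chose the stricter value. Users must restart the Office applications for the new policy to apply.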
Move to the cloud
Cloud-based storage is the new standard for organisations across the world. Not only is the cloud more flexible, scalable, and cost-effective than on-premises hardware, but it's more secure, too.
Cloud storage solutions have advanced security features that continually improve to mitigate evolving cyber threats. And you won't have to worry about someone breaking in and physically accessing your on-premises hardware!
Shifting your IT system to the cloud could let you access better malware scanning and additional security features, especially if you're a small business with a strict IT budget.
Are you looking to migrate your business to the cloud? Check out our simple three-step guide to effective cloud migration.
Invest in managed security hardware
Cyber attackers have it easy. They're the attackers. They only need to get it right once to achieve their goal of breaking into your network. It doesn't matter how many attempts they make to do it. You, as the defender, have a much harder task. You need to be right every time.
With millions of new threats created and deployed by cyber criminals each day, cyber defence is becoming more and more challenging.
That's why security hardware is crucial to any well-protected network. Security hardware acts as a blanket, detecting and neutralising attacks before they can even reach your radar.
We've partnered with Fortinet, world leaders in cyber security, to bring your business top-tier managed security hardware.
Access enterprise-grade firewall routers, switches, access points and extenders at small-business friendly prices. And run your hardware with peace of mind, knowing our expert network engineers manage them for you to ensure they stay effective.
Check out our range of security hardware here.
What to do after a ransomware attack
Although prevention is the best cure, your business must have an emergency management plan for the worst-case scenario. That way, if you get hit with a ransomware attack, you and your team know exactly how to minimise the damage.
Here's what you should do in the event of a ransomware attack:
1) Disconnect and shut down: Some businesses have a policy of disconnecting and shutting down the second they discover a ransomware attack has struck them. Disconnecting as soon as possible could stop encryption from proceeding, but check with your IT technician to ensure this is the best course of action for your particular IT system. Usually, it's best to disconnect, even if the ransomware message demands you don't.
2) Don't pay: It's advisable not to pay the ransom. For one, there's no guarantee the attacker will actually restore your system. Additionally, paying could make you a ripe target for future ransomware attacks from the same hackers (or their associates) because they know you'll likely pay.
3) Seek advice: Get guidance from your IT technician or an external expert as soon as you know you've been attacked.
Speak to a security expert
Running a business is hard enough without the extra (but essential) work that goes into keeping it secure. But you can't afford to neglect cyber security. Our team can help your business develop and implement a tailored security solution to protect it from cyber threats.
Contact our team today to take the next step in securing your business and its future. Call us on 1300 480 905 or get in touch via our website and ask about our security solutions.