On November 5, 2021, the Federal Trade Commission suggested two preventative steps small businesses can take to protect against ransomware risks:
Step #1: Make sure your tech team is following best practices to fend off a ransomware attack.
- Be prepared by backing up data. Set up off-line, off-site encrypted backups of information essential to the business.
- Make the Cybersecurity and Infrastructure Security Agency’s (“CISA”) Fact Sheet on Rising Ransomware Threat to Operational Technology Assets and other ransomware resources required reading for IT staff. Have IT staff regularly follow the latest advice from CISA and other authorities.
Step #2: Schedule a security refresher for your employees.
- Ensure all staff are trained in the tricks that cybercriminals are likely to use to infiltrate a system. Cybercriminals often use deceptive emails, phone calls or texts as methods of entry.
- Educate staff on the hazards of using the same password across different platforms, and consider the benefits of multifactor authentication. Businesses can bolster security through rigorous authentication procedures and company policies requiring long and complex passwords.
For more on the FTC’s perspective on ransomware, see Ransomware prevention: An update for businesses.