Ransomware on the Rise: Five Steps to Improved Email Security
How far would you go to protect your company’s data? How about your customers’ data?
Every day, business owners are confronted with this exact question when they become victims of ransomware schemes. According to an industry report by Coveware, the average ransomware payout in the third quarter of 2020 was $233,817. Some are much cheaper, even as low as $60,000, but cyber criminals are smart enough to tailor their ransom amount to the size of the company and how much they think you’ll be able to fork over quickly.
You may choose to negotiate the amount. This is expected—often the total payout can be negotiated down by as much as 20%, but after that point, you’re at the mercy of your captors. If you choose to pay the ransom, you may get your data back, but there is no guarantee (honor among thieves and all that). Studies show that about 60% of people who pay the ransom get all or most of their data back. Others get only a small amount, and some never see it again. Scary! Plus, companies that pay large ransoms encourage hackers to continue to pursue payouts with ransomware. They’re only in the business because it remains profitable for them.
That’s why I have backups, you may be thinking. It’s true; backups can save you from lost data and prevent downtime. Recently, however, the bad actors have upped the stakes for compromised companies: if you don’t pay, they’ll post your data and your clients’ data to dark web marketplaces for sale. As with getting your data back, there is no guarantee that paying the ransom will prevent this in 100% of cases. Some criminal syndicates that run ransomware schemes will immediately post a small amount of data on “bragging rights” websites, anyway. Trust me, you can’t win here.
How to Prevent Email Ransomware Attacks
The best proven method for preventing email-based ransomware attacks is a solid defense strategy. You can often intercept an email ransomware attack at a couple of points in the process: you can prevent the email from reaching your inbox, or you can prevent the software from being downloaded.
Prevent ransomware emails from reaching your inbox with the help of an email filtering solution. Many emails with ransomware attached are designed to look like they came from an internal source. A good email filter can catch many of these emails before they ever hit your inbox, quarantining them to prevent ransomware and other malware.
Your email may have a “built-in” spam filter, but these filters are not the most accurate when it comes to keeping harmful emails in quarantine. Email filters like those offered by Facet use artificial intelligence (AI) and other tools to successfully identify and block ransomware attempts, even when they come from legitimate-looking sources. These filters go several steps further than the traditional spam filtering included with email to prevent access to your system.
Employee Education and Training
I know you’ve been hearing a lot about employee education from us lately. It’s because it’s the single most effective way to prevent a ransomware attack on your system. Email filters work wonders, but no method prevents 100% of attacks. Your team must practice vigilance and awareness to properly avoid ransomware and loss of data.
Facet offers employee education in a few forms. In addition to resources for training that you can conduct yourself, we also offer phishing simulation services. Phishing simulations are a proven way to decrease your cybersecurity risk across your entire company.
Phishing simulations involve sending emails that mimic the characteristics of common phishing and ransomware emails. Instead of containing harmful software or truly stealing your credentials, however, the emails redirect anyone who clicks on the “harmful” link or enters a password into the fake website to training videos and materials that better prepare them to identify future threats.
Check in with Your IT Provider
If you are already a Facet customer, consider a quick check-in to confirm that your security options and services are all up to date. Facet has recently hired a dedicated Security Analyst to assess current threats and industry trends, as well as a Customer Advocate to further our goal of better serving our customers. You can use the contact form below or call our main phone number to schedule an appointment and review your security options and recommendations.
Consider an In-Depth Audit of Your Security Practices
If you are looking for an even deeper dive, consider a Security Plus Audit. The Security Plus Audit is an intensive evaluation of your company’s cybersecurity stance, including dark web dives and more. This service is an invaluable way to gain insight into your position and get a roadmap to cybersecurity peace of mind.