How can you protect your clients from crypto-ransomware?

Source: Vsoftsystems, 07/06/2018

Here are some easy-to-apply rules to help keep your client’s data -
and business operations - safe
Of all the various different types and families of ransomware, the
most commonly-encountered is crypto-ransomware. Often referred to
simply as `ransomware`, it refers to a form of malware where the
files and data that are stored on the infected device are encrypted
into an unreadable form. This means the data can only be retrieved by
using the necessary decryption key, which the criminals then demand a
ransom in exchange for.
Consumers affected by crypto-ransomware are usually faced with
demands of £250 to £500, but ransom charges for businesses can be
much higher as cybercriminals understand just how valuable an
organisation`s data can be. If the ransom goes unpaid, the price will
steadily increase until the decryption key is deleted, making it
virtually impossible to recover the files. But even if a ransom is
paid, there’s no guarantee the data will be decrypted.
A recent survey by Kaspersky Lab found that despite the increase in
ransomware attacks, only 40% of companies consider ransomware to be a
serious danger. This attitude can lead to security weaknesses that
can be exploited by cybercriminals.
See related
A temporary loss of data can disrupt business-critical processes, and
could lead to lost sales, reduced productivity and significant costs
for system recovery. However, the permanent loss of data can have
much more severe consequences, from damaging the company’s
competitive position to preventing access to intellectual property
and design data.
In common with most other types of malware, there are many ways in
which ransomware can find its way onto business computers and other
devices.
As an MSP or an MSSP who has a number of businesses relying on you to
protect them from cyber threats, here are some easy-to-apply rules to
help keep your client’s data - and their business operations - safe.
Educate clients:
People are often the most vulnerable element in any business. Teach
clients about IT security basics, including raising awareness of
phishing and spear-phishing attacks. Emphasize the security
implications of opening suspicious-looking email attachments, even if
it appears to be from a trusted source.
Regularly back up data:
Almost all businesses will already have data backup policies.
However, it’s also essential to back up data onto an offline backup
system, rather than just copying files to another ‘live’ system.
Establishing a ‘back up and disconnect’ policy will help keep backup
files safe from cryptors, and will prevent a successful attack on one
business from disrupting other clients, as well as making it quick
and easy to get your client’s business back up and running.
Protect all devices and systems:
Crypto-ransomware doesn’t just attack PCs. Business security software
must also be able to protect Mac computers, virtual machines and
mobile devices, and this is an ideal opportunity for MSPs to add
value and protection through layered security. It is also worth
ensuring there is sufficient protection installed on your client’s
email system.
Deploy and maintain security software:
As with all malware prevention, updating early and often is a
valuable policy to follow. Updating all applications and operating
systems will allow elimination of newly discovered vulnerabilities,
and ensuring security applications and anti-malware databases are up-
to-date will ensure your client’s business benefits from the latest
protection.