Can Your Business Afford 33 Hours of Down Time for Ransomware Recovery?
If you don’t know what ransomware and phishing are, or have not taken appropriate measures to guard against them, it is time to take notice of how serious an impact they can have.
A recent KnowBe4 Security Awareness Training blog entry on ransomware recovery made me take notice. It mentioned that a new survey revealed that, of 500 businesses surveyed, “48 percent said their organizations had been hit by at least one ransomware attack in the last 12 months, with the average victim hit six times. Of those respondents, whose organization has suffered a ransomware attack in the last 12 months, just over eight in ten (81%) report that the ransomware attacker gained access to their organization’s network through phishing via email or social media network.”
The article also mentions that, on average, it took 33 employee hours to restore files from backups (and that, of course, requires that you have good backups). There are steps you can take to help avoid getting ransomware in the first place. One of the best prevention steps is to train your employees on ransomware and safe ways to handle email. Below are some helpful resources.
Make sure all employees know what phishing is and how to safely read email:
- A Microsoft web page about phishing explains how to recognize phishing emails or calls and how to report them.
- KnowBe4 has a good one-page quick-reference PDF on some red flags that indicate an email may be a phishing attempt.
- For cybersecurity tips on phishing and much more, see the United States Computer Emergency Readiness Team (US-CERT.gov) website.
Make sure all employees understand ransomware and how to defend against it:
- Microsoft explains ransomware and the different variations of it here.
- KnowBe4 has extensive information on ransomware, including what it is, frequently asked questions, prevention, removal instructions, etc.
- This ransomware announcement from the FBI Internet Crime Complaint Center (IC3) explains what it is, how to report it, and ways to defend against it.
And remember, as the folks at KnowBe4 and Richwood Bank are fond of saying… Think Before You Click!
Chief Information Officer