Ransomware and the law
The legality of ransomware itself varies. As a rule of thumb, the software may well be legal, but the purposes to which it is generally put (i.e. extortion and, increasingly, data theft) tend to be very illegal. That said, if you’re a business, then the (very) harsh reality is that a ransomware attack could see you having to deal with legal penalties, while the perpetrators go free.
Ransomware and data protection
If you’re a private individual and the only personal data you’re storing is your own, then, legally, you can generally take whatever risks you like with it. As always, however, just because you can, it doesn’t mean that you should. Protecting yourself against ransomware is still a very good idea. If, however, you’re a business and you collect other people’s data, then you are responsible for protecting it. This includes any data you collect from your own employees.
It may seem unfair that you end up being punished for losing data due to a ransomware attack (or any other cybercrime), especially if the real criminals go unpunished. It does, however, have to be acknowledged that, by this point, the threat of malware in general, and ransomware in particular, is, or should be, known to everyone. Hence, it’s reasonable to expect businesses to take appropriate precautions to protect against it.
Storing your data safely
The obvious way to protect your data against ransomware (and other forms of malware) is to store it encrypted. This won’t stop malware from accessing it (if it gets past your defenses), but it will stop attackers from being able to make use of it. In other words, it will protect against data theft.
Additionally, it makes sense to ensure that you have a backup of your backup. Local data backups are extremely vulnerable to being compromised if your production system is infiltrated, so you need to back them up with an off-site solution, and this needs to be both physically and logically separate from your main system.
Ideally, you should also keep data backups from different time points, in case there is a delay in recognizing that you have come under attack. If you’re in the cloud, then you can reduce the cost of this by moving the older backups into slower storage. For completeness, it’s usually fine to keep your off-site data backup in a (second) public cloud, even if you’re in a regulated industry, just as long as you keep it encrypted.
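The storage advice above, turned into a check over a backup inventory, as an added example that is not part of the original article. The record fields, the "local"/"offsite" labels, the 30-day cold-storage threshold and the sample inventory are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Backup:
    taken: datetime      # when the snapshot was made
    location: str        # "local" or "offsite" (hypothetical labels)
    encrypted: bool      # stored encrypted at rest
    tier: str = "hot"    # "hot" or "cold" storage class

# Constructed sample inventory, not real data.
NOW = datetime(2024, 6, 30)
INVENTORY = [
    Backup(NOW - timedelta(days=1), "local", False),
    Backup(NOW - timedelta(days=1), "offsite", True),
    Backup(NOW - timedelta(days=7), "offsite", True),
    Backup(NOW - timedelta(days=14), "offsite", False),  # policy gap
    Backup(NOW - timedelta(days=45), "offsite", True),
    Backup(NOW - timedelta(days=90), "offsite", True, "cold"),
]

def policy_gaps(inventory):
    """Findings against the advice: an off-site copy exists and is encrypted."""
    gaps = []
    offsite = [b for b in inventory if b.location == "offsite"]
    if not offsite:
        gaps.append("no off-site copy")
    if any(not b.encrypted for b in offsite):
        gaps.append("unencrypted off-site copy")
    return gaps

def restore_point(inventory, compromised_at):
    """Newest encrypted off-site backup taken before the estimated compromise."""
    clean = [b for b in inventory
             if b.location == "offsite" and b.encrypted and b.taken < compromised_at]
    return max(clean, key=lambda b: b.taken, default=None)

def cold_candidates(inventory, now, older_than=timedelta(days=30)):
    """Off-site backups still in hot storage that are old enough for cold storage."""
    return [b for b in inventory
            if b.location == "offsite" and b.tier == "hot" and now - b.taken > older_than]

if __name__ == "__main__":
    print(policy_gaps(INVENTORY))
    # Attack noticed today, intrusion estimated at 10 days ago.
    print(restore_point(INVENTORY, NOW - timedelta(days=10)))
    print(cold_candidates(INVENTORY, NOW))
```

With the intrusion estimated at 10 days ago, the unencrypted 14-day copy is skipped, so the usable restore point is the 45-day backup: a single policy gap costs an extra month of data.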
Protecting yourself against ransomware attacks
If you are properly prepared, then a ransomware attack should be nothing more than a mild inconvenience. It is, however, still an inconvenience and just being attacked can be a public embarrassment. You, therefore, want to do everything possible to reduce the likelihood of ransomware getting into your systems in the first place.
You need a robust anti-malware solution
Even if you’re a private individual, it’s advisable to upgrade your protection from the default apps bundled with the main operating systems. If you’re a business (or a freelancer) then you absolutely must have a robust anti-malware program with an integrated firewall. Getting an all-in-one product is not only more cost-effective and convenient, but it also makes sure that you get all the protection you need ready to work out of the box with minimal configuration.
These days, the best option for both individuals and businesses is to go for a cloud-based solution run by a reputable cybersecurity company. With a cloud-based solution, all updates are completely managed by the vendor. This is handy with any software and particularly useful for security software as this needs to be updated very frequently. Also, cloud-based solutions have the servers do most of the work. This reduces the burden on the local machines.
You need to keep your operating systems and applications updated
Cybersecurity products work on the assumption that your operating systems and locally-installed applications are all kept up-to-date. This means that you need to commit to making that happen. If you know that this is a weakness in your organization, then you need to arrange for a managed IT services vendor to take care of it for you.
Remember that physical security matters
Most malware, including most ransomware, is spread digitally. This is because, even today, a lot of malware, including a lot of ransomware, is essentially about playing the percentages. In other words, the cyberattackers just try to hook as many people as possible and hope that some of them bite. Some attacks, however, can be targeted and this is where physical security can be your protection or your vulnerability. Make sure it’s the former.