Late last month, the Jawaharlal Nehru Port Trust (JNPT) was hit by a ransomware that completely crippled the operations at India’s largest container port. Besides JNPT, the Petya ransomware is also reported to have hit a number of large corporations including WPP, Maersk, Mondelez and DLA Piper. Just a month earlier, the world was hit by the WannaCry ransomware that infected more than 230,000 computers including those of UK’s National Health Service (NHS), Fedex, Honda and Renault.
Computers getting hit by spyware and ransomware is no longer a hypothetical. If you are a startup, the risks are relatively higher given that you may be dependent on third party tools and services for all your business needs like email, web hosting, file sharing and project collaboration. A single slip-up could be the difference between keeping the lights on and shutting down your startup operations.
Enhance security protocols
Over a long term period, the chance of your startup being impacted directly or indirectly in a cyber-attack is close to 100%. Secure passwords are just the beginning of a series of protocols that one must follow to keep your startup secure.
Use third party tools that come with advanced data encryption. In addition to this, make sure that all your company accounts on these third party tools and services have biometric or access-ID based multi-factor authentication and user access control features enabled. For file sharing, sign up with VDRs that can restrict user accessibility to prevent unauthorized third party access.
The objective is to make sure that hackers do not get to access any of your confidential documents even if they are able to lay their hands on your files.
Conduct periodic audits
Hackers who get entry access to your servers do not always make their presence known immediately. In May 2015, two Indian conglomerates were forced to pay nearly $5 million each after hackers threatened to reveal critical information about their complicity in a wrongdoing. The attack was significant because the hackers had penetrated the system at least two years earlier and were merely waiting for the right time to attack.
A periodic audit of your security deployments, along with detailed log analysis and hackathons, would have helped the organizations detect the security breach much earlier than they were able to.
The trouble with ransomware is that they hold your operations hostage until you pay the ransom. Fortunately though, backing up virtual copies of data does not cost a lot and the process itself can be automated.
Given the frequency of such attacks worldwide, it would be foolhardy to not backup all your critical business documents over more than one cloud system. This way, your operations may continue seamlessly and the impact of ransomware itself is minimized.
Educating your staff
Perhaps one of the best ways to insure your startup from ransomware attack is to educate your employees on the prevalence of such threats. It is important to understand how such scripts enter your network in the first place and know how to identify trojans and phishing emails that are often the source of malware. In the case of ransomware, prevention truly is better than the cure.
In conclusion, startups need to embrace a three step strategy to protect themselves from cyberattacks.
As a first step, keep your logins and access points secure so that hackers do not get access to your servers. But in case they manage to do so, deploy encryption and access-control protocols so that the hackers do not gain access to any confidential information from your servers.
As a final step, create backup options so that these documents are not held ransom which can hinder your operations.