Cyber extortion is, unfortunately, becoming more common. This type of cyber attack often involves a type of malware called ransomware that encrypts your files or locks you out of your computer until you pay the hacker. Even then, there’s no guarantee the hacker will release your files, so you may give in to the extortion for nothing.
“In the shadowy world of security threats and bad actors, cyber extortion is a growing trend.” — SecurityIntelligence.com
Other types of cyber extortion include threatening to delete your information, infect your network with viruses, or publish confidential information or customer information online.
If you haven’t thought about how you would deal with cyber extortion, here are ten things you can do to protect your business.
1. Take a data inventory
Before you can take steps to protect your data or even understand what’s at risk of a cyber-extortion attack, you’ve got to know exactly what data you have, how much you have, and how you store it. Taking a data inventory will give you an idea of what you have to lose, how much of an impact that loss would have, and what you need to protect.
Once you’ve identified your business data, ask yourself key questions:
What data do we have?
Where can it be found?
Who has access?
Where did the data come from?
What is its scope?
What is its quality?
Does it include test data?
“A data inventory allows you to assess what data sources are available and in what format this data exists. With a complete 360° view of your data sources, an accurate prioritization analysis can be completed,” according to Knowlton Group.
2. Create data backups
Most businesses have all of their critical files backed up to the cloud or secondary storage that cannot easily be stolen or encrypted. Some businesses even back up everything, no matter how unimportant it might seem.
But few have any type of backup bandwidth or computers that can take over handling the day-to-day work while the regular network is out of commission. Take a look at your system and consider what you would do if your entire computer network was put out of commission by an extortionist.
3.Train employees on phishing scams
Make certain that your employees can recognize what a modern phishing scam looks like. Your cyber security efforts must extend beyond IT to all employees since anyone can accidentally download a strange attachment or visit a harmful website.
Employees need to know how to identify dangerous sites, attachments, and other scams. Otherwise, they may let extortionists and other hackers right past your security systems.
4. Conduct employee background checks
Make certain your new hires don’t have a criminal record, especially a record related to cyber crimes, hacking, and extortion. If there’s anything in their background that gives you pause, you may want to reconsider hiring them.
After you hire employees, make sure they know proper computer and network habits and that they only have access to the data that they absolutely need to do their jobs.
5. Install antivirus software and firewalls
Make certain you have all of the necessary antivirus, anti-malware, and firewall programs in place to protect your network. These programs need to do more than secure your internet usage, however — they also need to protect your email, your cloud, and monitor any program that is sending or receiving information over the internet.
Take your time to compare features so you can select the software that best protects your assets.
6. Always patch and update
When a software distributor announces a new patch or update for your programs or operating system install those patches as soon as possible. This is especially true if they are security patches.
When these updates are announced, hackers immediately start trying to take advantage of these exploits because some businesses don’t install the patches for a few days or even weeks. Don’t fall victim to these security holes.
7. Use intrusion detection and data breach prevention software
Most people assume antivirus programs and a firewall are all they need, but there are other programs out there that can greatly help reduce the threat from cyber-attacks.
Data breach prevention software will help keep your data as secure as possible, while intrusion detection programs will alert you to unauthorized access. You can search online for a good IDS software download website to add protection to your system.
8. Ensure you’re protected
Once you have your antivirus, firewall, and intrusion detection systems in place, make certain they’re actually doing their job. This is where you’ll want to hire an outside company to try to attack your system.
If they get in, you’ll see where your defenses need to be shored up. Even if they don’t, you still have to be vigilant. You may be able to defeat today’s cyber attackers, but you may be vulnerable to the techniques of future ones.
For that reason, it’s a good idea to schedule these mock attacks regularly so your IT person or team can continuously identify vulnerabilities and patch them. Companies that become complacent are often the ones that get attacked.
9. Defend against DDoS attacks
A Distributed Denial of Service (DDoS) attack can leave your system overwhelmed, shutting it down completely. Essentially, “The flood of incoming messages, connection requests or malformed packets to the target system forces it to slow down or even crash and shut down, thereby denying service to legitimate users or systems.”
Make certain you are protected from these types of attacks, too, not just attacks that lock you out or encrypt your data. Hire an outside party to launch a trial DDoS attack so you can see how your system handles it.
10. Create a data security contingency plan
Despite all of your work, your system can still be breached and extortionists can take control of your data. You may personally have an idea of what you will do, but what if you’re not in the office that day?
Create a clear plan that outlines what to do in the event of a breach, who is responsible for what, and how the overall disaster will be contained and managed.
Your plan should include how you will announce the breach to the media and how you will deal with customers if valuable customer data is stolen. Finally, you’ll want to have a recovery section where you will detail how you will recover from this breach and regain the goodwill of your customers.
This article has been edited and condensed.
Sheza Gary, a NY-based Project Strategist since 2009, has been involved with launching startups and tech companies for 5+ years. Sheza has a keen interest in sharing her own experiences with business plans and upcoming business supporting technologies. She loves public speaking. Connect with @shezagary on Twitter.