Here are the 5 risky ransomware assumptions that you should avoid at all costs. Don’t fall prey to a ransomware attack. Use this handy information to diagnose and fix any risky practices your organization may be guilty of.

1. My Business Is Too Small To Be A Ransomware Target

Guess what, you’re dead wrong. Assuming your firm is too small for ransomware attacks ignores that fact that ransomware works best on firms that cannot afford the very best and latest in data security and protection. Small firms in industries like veterinary, dental, plumbing, construction and thousands more get hacked every year. The reality is, small firms are easy pickins for hackers and ransomware schemes. The time to take action on proper planning for security and recovery is now, no matter how big or small your firm is.

2. Attacks Are Not That Sophisticated

Because the illegal money to be made is so great hackers work hard to continually up level the sophistication of their attacks. Assuming there’s a ‘status quo’ of threats, and that what was good enough last year to protect against them will be good enough this year is a very dangerous assumption. The fact is, ransomware and other cyber threats are constantly evolving and becoming more sophisticated, which means so must your threat planning and procedures.

3. Our Data Is In Office 365 So It’s Safe

Wrong. Just because you use Office 365 doesn’t mean phishing schemes and hackers can’t get access to your data and encrypt it for ransom. Microsoft clearly states it provides only the infrastructure via Office 365, but you own your data. Anyone who’s seen how fast an entire mailbox or even ecosystem can be encrypted should realize that just because it’s in Office 365 doesn’t mean it’s safe.

4. Our Data is Always Backed Up Because It’s In The Cloud

With more companies than ever relying on the cloud for critical business data comes a false assumption that at anytime, anywhere, any of that data is backed up and available for restore. Although there are temporary ways to retrieve email communications, none of the systems (Office 365, G Suite Gmail, etc.) has a turn-key backup and recovery system to ensure all data is available for restore. If someone deleted it from the recycle bin, it’s permanently gone. Good planning for disaster recovery means having advanced backup systems in place to properly safeguard data.

5. The Best Defense For Ransomware Is Detection Systems

Although detection systems can help weed-out some of the ransomware threats to your business, the best way to build a defense is with an onion-layer system of security coupled with robust backup and recovery. At a high level the onion-layers include: Security education of employees

Threat detection and alert systems

Tight security and as-needed-only access to software and hardware

Requiring changing of passwords on a fairly frequent basis

Testing systems via ethical hackers

Written processes and procedures for handling incursions

Practicing ‘fire alarms’ to test systems and staff

Comprehensive backup of business email and related communications data

The 5 Risky Ransomware Assumptions to Avoid

So these are the 5 risky ransomware assumptions to avoid at all costs. By reviewing each of these assumptions and comparing them to your organization you’ll have better visibility into where your firm’s defenses and systems may need to be optimized.

The critical thing to remember is that no amount of planning will ever truly 100% mitigate the threat, so the best your business can do is prepare as best as possible, and have a robust email and related communications backup and archiving solution in place to protect critical business data.

Dropsuite provides the industry-leading Email Backup and Email Archiving solutions to help organizations protect and preserve data. To learn how Dropsuite can help protect against ransomware contact us at sales@dropsuite.com.