Why Backups And MFA Are So Important For Ransomware


Two of the simplest and cheapest ways to protect your company from a ransomware attack are Multifactor Authentication and a fresh backup.

Here’s why.

Back up everything! You are not invulnerable. Catastrophic data loss can happen to you – one worm or Trojan is all it takes.
– Kevin Mitnick

Just because the data is in the Cloud does not mean it’s backed up.

Do you have a backup of all your precious data? I’m sure you think you do, but when was the last time you made sure your data was actually backed up and safe? Don’t assume that your data is backed up just because it is in the Cloud. And definitely don’t claim it is backed up just because your IT says so, if they never show you anything to prove it. Your data is the lifeblood of your company. If you lose your data, you are out of business, which is why backups are so critical in protecting you from a ransomware infection.

Imagine your Office 365 account has been hacked with Ransomcloud (ransomware for the Cloud). All of your emails are now inaccessible, and both your email and your other files are encrypted. How would you recover from that? Yes, cloud providers keep copies of deleted files in case you ever need to recover one, but all of your files and all of your email at the same time? That’s a whole different story. Not having a backup in place means data loss and a lot of recovery pain to salvage what you can. Or you’ll have to pay the ransom. The same goes for your onsite data. Protect yourself with pristine backups; you’ll thank yourself later when you really need them.

Ransomware is unique among cybercrime because in order for the attack to be successful, it requires the victim to become a willing accomplice after the fact
― James Scott

Multi-Factor Authentication (MFA): The Annoying Step That Can Save Your Bacon

Do I really need to have MFA (Multi-Factor Authentication)? Sure, it’s a pain to have to enter a random code every time you log in. Sadly, this is the state of the world we live in. So, yes, you should be using MFA for any system containing data you care about. This includes mundane things like Office 365 that get overlooked (see above). It’s pretty easy to set up, and it’s not that disruptive given the layer of protection against ransomware and hackers it offers for the effort. I have a quick client story to prove it.

The Luck of the Irish: Adding MFA Just In Time

We have a client that had been dragging its feet on turning on MFA for their Office 365 accounts. They understood that MFA was something they should do, but felt it was unneeded because their emails were not appealing to a hacker, and they did not want the second-step inconvenience. They finally acquiesced. We turned MFA on and rolled it out to the users without a hiccup or exorbitant complaint. It was not as dramatic an event as they had feared. So far so good. Then, about a week later, a few key employees started receiving texts from Microsoft requiring their MFA codes to log in. Our client’s users were confused. They couldn’t understand why Microsoft was requesting MFA codes from users who weren’t logging in. Unbeknownst to our clients, some hackers had been trying to access those unappealing email accounts mentioned above. The hackers never successfully logged in. The new MFA layer brought the hack into the open and protected our client’s emails. With MFA in place, hacking the email is MUCH more difficult and, as hackers do, they will move on to a victim who is less diligent.

Don’t be a Ransomware Victim

Download our Ransomware Best Practices Checklist and take the simple steps to protect your data, keep your employees productive, and keep your enterprise up and running. The more layers of cybersecurity protection you have in place, the harder a target you are, and the lower your chances of being hacked, since an attack will take too much effort.

John Ahlberg
CEO, Waident

CIO in the corporate world and now for Waident clients. John injects order and technology into business process to keep employees productive, enterprises running, and data safe.
