
How to protect your business from being held to ransom

Ransomware attacks can cause huge disruptions to your business, including loss of income, customer trust and resources. See the simple steps you can take to protect your business from a ransomware attack and how to react if you’re targeted.

What is ransomware?

Ransomware is a type of malicious software (malware) that encrypts files and stops you from being able to access your files or computer systems.

It’s not just bigger businesses that are targeted and there are no particular industries that are more vulnerable than others. If you work online, you’re at risk.

The attackers are generally financially motivated. They’ll try to extort you by demanding you pay a ransom to get access to your system and files again.

Ransomware infections can occur through things like phishing campaigns – where you’re tricked into clicking an infected link or attachment within an email. They can also happen if you don’t have strong passwords or don’t regularly update your software.

Don’t pay ransoms

There’s no guarantee that you’ll get your files back. You’ll also be at risk of further attacks if you’re seen as willing to pay.

Steps to protect your business

Prevention is better than cure. These simple steps can help protect you and your business from ransomware and cyber attacks:

  • Be aware of phishing campaigns. Phishing is a common way that computers and systems get infected. Learn how to spot dodgy emails, websites or links that could be harbouring malicious software. If you have staff, talk to them to make sure they’re aware of the risks as well.
  • Regularly install updates on software and devices. This will prevent attackers from exploiting vulnerabilities which they could use to get into your systems.
  • Implement two-factor authentication. Two-factor authentication is usually a code that’s sent to your phone or an authentication app to verify your identity. This is used in addition to a password and adds another layer of security to your logins.
  • Back up your business and customer data. This way if your data is lost or stolen, you can recover it quickly. You can back it up on an external hard drive or on a cloud service.
  • Talk to your IT team or service provider about setting up logs. They record when particular actions are taken on your website and systems and who’s done them. You’ll then be notified if any unusual or unexpected activity occurs.
  • Have an incident response plan. No matter how well you prepare and how good your cyber security is, things can still get through the cracks. Have a plan that will help you take control of the situation if the worst were to happen. Know who to call and prepare by doing things like making hard copies of all important documentation in case you can’t access your system.

What to do if you’re targeted

Get your network offline immediately. The faster you do this, the more you can contain the spread of the malicious software. You can do this by simply taking out network cables from your workstation and unplugging your wireless router.

Seek the advice of an IT professional. If you don’t have an internal IT person, then ask your IT service provider to help work out how your systems were infiltrated and how you can stop it from happening again. If you’ve already paid a ransom and received your files back, it’s still important to inspect your systems and check if any malware remains on your computer, or if the attackers have created any other ways of accessing your systems and data.

If you or your business experiences a ransomware attack or another cyber security issue, report it to CERT NZ.

You can do this via their contact centre 0800 CERT NZ, or their online reporting tool.

Online reporting tool — CERT NZ