Veeam: How to protect your data (and business) from digital extortion? 10 simple tips
One of the most severe cyber threats, not just for businesses but for any internet user, is ransomware – malicious software which encrypts data, demanding a ransom to get it back. Anyone can be the target of such an attack, and it can happen more than once.
“We all tend to take certain aspects of our digital lives for granted, such as social media DMs and calls, ride sharing apps, mobile payment, or other online banking services we rely on. It’s great that we have an ever-increasing efficiency and mobility thanks to the evolution of technology, but digitization comes with a plethora of new dangers to our safety that we absolutely need to know and prevent. By giving third parties access to our data, we risk putting ourselves in a vulnerable position – from reducing our ability to perform our duties at work to losing access to accounts we can’t live without on a daily basis. No one can afford to lose their data,” says Dan Popa, Regional Manager Southeastern Europe, Veeam.
According to the Veeam Ransomware Protection Trends Report 2023, 80% of organizations that were attacked in the past year paid the ransom in order to end an attack and recover data – that's an increase of 4% compared to the previous year. It is not possible to eliminate the risk completely, but a few simple steps can make it more difficult for attackers to succeed and help to protect crucial data. Here are 10 rules which will help to protect data from ransomware and other cyber threats.
#1 Be skeptical and slow down
Cybercriminals are looking for opportunities to take advantage of the victim’s haste and inattention. That’s why it’s good to slow down and stay cautious to avoid making simple mistakes while using the internet. If an offer or message you receive sounds too good to be true, it probably is. Malicious software such as ransomware is most often spread through phishing. So always look out for warning signs, do not click on unknown or suspicious links or attachments, and do not reply to messages you are not expecting or those from someone you don’t know. Also, be cautious with auto-completion in emails and the ‘reply all’ option so you don’t send sensitive information to the wrong person.
#2 Use strong passwords
It often takes criminals only a few seconds to crack passwords based on a date of birth or a loved one’s name. The rule is simple: longer is stronger. Use passphrases and different characters to create long passwords that are easy to remember, but hard for others to guess.
#3 Be careful online
Viruses, trojans and so on can hide in legitimate-looking websites, messages, or free software packages online. Ensure you have an anti-malware program enabled (and keep it updated).
Use secure networks: if the WiFi you are using is not encrypted, ensure you are using a VPN or other layer of protection. It is also a good idea to use bookmarks for important and frequently used URLs so you’re less likely to fall for fake sites. Also, remember that everything you share on social media becomes public, regardless of your privacy settings.
#4 Stay safe on the go
Remember that security is also important outside the office and in public places. Don’t talk about sensitive information or enter sensitive data (such as logins) in a location where others can hear you or see your screen. If possible, use a privacy screen and make sure your screen is not visible to others. Even public charging ports can be risky. Use your own battery pack to protect against juice jacking – data theft via public USB ports.
#5 Know your data
You cannot protect your sensitive information if you don’t know where it is being stored or which information is sensitive and should be protected. The key is to understand what data is being stored on which devices and then classify it based on its sensitivity level. Based on this, you can determine which data you should be protecting as a priority.
#6 Protect all smart devices
IoT devices have become minicomputers which you can control with your smartphone. With remote work, and with personal devices being used for work and vice versa, the risk of cybercriminals intercepting data transmitted within the network is increasing. Therefore, to protect sensitive information, you should secure any smart device that can be connected to the internet. Ensure you use anti-malware software, strong passwords, or access controls. It is also necessary to change the default passwords pre-set by the device manufacturer.
#7 Limit access
Confidential data should not be accessible to any third parties. This is a rule in both personal and professional life. Even if you trust your team or friends, this doesn’t mean they all need access to all the information. Consider who you are allowing to access your data and devices, and limit access on a need-to-know basis. Use multi-factor authentication when given the option. This helps protect confidentiality, but also reduces the impact if someone’s access is compromised.
#8 React and report
Don’t ignore any threat or suspicious incident. Consider whether you know what to do in case of a data breach and to whom you should report the incident. It is important to report any fraud attempt or suspicious incident to your bank and institutions such as CERT or NASK. If you receive something on your work email or device, follow your company’s cybersecurity incident reporting methods. The sooner the security team knows about it, the sooner they can protect against it.
#9 Back up your data
Even if you have best-in-class security solutions, you can still become the target of a cyberattack and lose access to your data. Therefore, it’s good to have an extra layer of safety and regularly back up your data. This will allow you to quickly restore your data and avoid the irretrievable loss of important documents or photos. Companies should have at least three copies of important data on two different media. At least one of these should be offline, off-site, and air-gapped or immutable. It is also important to verify recovery and make sure that there are zero errors (the 3-2-1-1-0 backup rule).
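An added example, not from Veeam or the original article: a small Python check of a backup inventory against the 3-2-1-1-0 rule described above. The `DataCopy` fields and both sample inventories are constructed, and the check assumes the common reading of the rule, in which production data counts toward the three copies and the off-site copy and the offline, air-gapped or immutable copy may be different copies.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class DataCopy:
    name: str
    media: str                      # e.g. "disk", "tape", "object-storage"
    production: bool = False        # the live data counts as one of the 3 copies
    offsite: bool = False
    offline: bool = False           # offline or air-gapped
    immutable: bool = False
    restore_errors: Optional[int] = None  # None = restore never tested

def check_32110(copies: List[DataCopy]) -> List[str]:
    """Return rule violations for one dataset; an empty list means compliant."""
    findings = []
    if len(copies) < 3:
        findings.append(f"3: only {len(copies)} copies")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"2: single media type {sorted(media)}")
    if not any(c.offsite for c in copies):
        findings.append("1: no off-site copy")
    # A copy ransomware cannot reach or rewrite; production never qualifies.
    if not any((c.offline or c.immutable) and not c.production for c in copies):
        findings.append("1: no offline, air-gapped or immutable copy")
    for c in copies:
        if c.production:
            continue
        if c.restore_errors is None:
            findings.append(f"0: {c.name} has never been restore-tested")
        elif c.restore_errors > 0:
            findings.append(f"0: {c.name} had {c.restore_errors} restore errors")
    return findings

# Constructed inventories (not real systems).
WEAK = [
    DataCopy("file-server", "disk", production=True),
    DataCopy("nas-backup", "disk"),
]
HARDENED = [
    DataCopy("file-server", "disk", production=True),
    DataCopy("local-repo", "disk", restore_errors=0),
    DataCopy("cloud-bucket", "object-storage", offsite=True,
             immutable=True, restore_errors=0),
]

if __name__ == "__main__":
    for label, inv in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(label, check_32110(inv) or "compliant")
```

The `WEAK` inventory fails every part of the rule, including the final "0", because a backup that has never been restore-tested cannot be assumed to recover cleanly.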
#10 Be aware and educate others
Cybercriminals are constantly changing their methods. Therefore, it is necessary to constantly update your knowledge of the risks and regularly train your employees in cyber hygiene, so that they can recognize scams and suspicious incidents. The unaware user often becomes the weakest link in a security system, but when equipped with the proper knowledge, they can also be an important part of the human firewall and security team.