Ransomware is a common and potentially devastating form of cyberattack on organizations of every kind. Nonprofits are as vulnerable to these attacks as any other business. Their risk might even be higher since in some cases they neglect security as they operate on a tight budget and without any dedicated technology experts on staff.
We spoke to Brian White, an enablement specialist at Veritas. He is also the executive director at the Positive Flow Foundation, which focuses on helping children and families live more positive lifestyles. This makes him the perfect expert to talk to us about ransomware attacks, how they affect nonprofits, and what to do to protect your organization from them.
What Is Ransomware?
Brian explains that ransomware refers to any external software or activity that encrypts or locks down your data in some way that makes it inaccessible or unusable to you. Hackers then demand money in return for granting access to your data. In effect, ransomware attacks hold your data for ransom. Ransomware attacks more than tripled from 2019 to 2020, with over $350 million in ransom money paid to cybercriminals. And cybercrime costs are set to increase by 15 percent each year for the next five years.
Ransomware attacks can originate within the organization or outside of it. For example, an employee within the company could install BitLocker encryption on a single piece of hardware to lock down systems across the organization. They could also delete important files, so that applications begin to fail. Attacks that originate externally are usually executed through links. These links are likely to be sent via email, designed to look trustworthy to the recipient so that they click the link without looking too closely.
Brian tells us that these attacks are very commonly exacted on nonprofits and other small businesses — in fact, 75 percent of attacks are on small businesses. He says that often, small-scale ransomware attacks are tested out on small nonprofits before attempting a larger-scale attack. The healthcare sector is a common target, used to test out how well an attack can span multiple branches and interacting systems in an organization. Different hackers do this for different reasons, but the overarching goal is to cause disruption and make money.
Protecting Your Organization
One of the reasons that small organizations are targeted by hackers is that they often don’t adequately protect their networks, making themselves easy targets. Brian shared some practical steps you can take to prevent a ransomware attack from happening and respond quickly and effectively if your organization is attacked.
Brian explains that the most effective way to mitigate an attack is to prevent it from happening in the first place. You can do this by educating your team, having security measures in place, and backing up your data thoroughly. Ensure that your team understands the policies in place in terms of opening emails and sharing content with the organization. Be conscious of who is accessing your network and ensure that your team is on the lookout for anything suspicious.
It’s also important to limit access to your organization’s files. Ensure that only those who need access to a certain file can get to it. The fewer employees who have access to files, the lower the risk of an internal ransomware attack. In general, it pays off to put extra security around your data, especially sensitive files. Software that allows you to limit access, or password-protect sensitive documents, is worth investing in.
It’s also critical to use proper cybersecurity tools such as those that offer firewall, antivirus, and malware protection. You can learn more about the various solutions offered by TechSoup in this blog post.
Finally, backing up your data is one of the best things you can do to protect your organization in the event of a ransomware attack. If you suffer a ransomware attack, but have a recent backup, you can restore your system and avoid paying a ransom. Brian runs a nonprofit and understands that nonprofit organizations often run on tight budgets and can’t afford to lose data or have extended periods of downtime. He recommends using the 3-2-1 rule when backing up your data:
You should have three copies of the same data, on two different mediums, with at least one stored offsite.
These different mediums could include cloud storage, device storage, or tape storage, as long as one is stored in a different location from the others. Brian recalls working with someone who kept physical copies of all of his data in a safe in the back of his car. “He always knew where the tapes were; he always knew how to catalog his information,” he explains. An unusual method, but an effective one.
Responding to an Attack
Even with all of the right precautions in place, ransomware attacks can still happen. Brian says that if you do suffer an attack, the first step is to understand when the attack happened. If you noticed the attack today, it may be that your data actually started being compromised over a week ago. Anomaly detection software can spot inconsistencies such as changing file names, which can help you pinpoint when the attack began.
Once you’ve worked out when you were attacked, the next step is to find your last good backup before that point. That backup might be 10 days before the attack, meaning that you lost 10 days of business, but Brian says that this is preferable to paying the ransom. By paying, you are indicating that you are willing to hand money over, making you a much better target to get hit again. You’re also at the mercy of the hackers when you pay the ransom, so you’re not even guaranteed to get all of your data back. “At Veritas, we 100 percent believe that the best plan of action is to recover the data you can and move forward.”