Surprisingly, the answer to this question, “how much does it cost to protect your company against ransomware?” , is simple, easy and straightforward: not much!
Unless your data, information and files are worthless…
Certainly, this is not the case. Nowadays, data, files, and information are undeniably among companies' greatest assets —since they are, to a large extent, strategic and represent a competitive advantage.
It's cheap to protect your business from ransomware
Just to illustrate how inexpensive it is to protect your company against ransomware , I propose a quick and straightforward mental exercise. Let's go...
How much effort, time, and money do you estimate would be spent if all your data, files, and information were deleted from your company's computers, smartphones, laptops, and servers?
Imagine arriving at work in the morning and nothing is accessible or working? Not just down, but also blocked? From the website to your cell phone's address book...
Think about it! Not only do you need to speak to a customer and not have access to their contact information... Or you can't deliver a good or service because your calendar and schedule are inaccessible or blocked... Or you can't bill or receive payment for the goods and services sold...
In situations like these, or even worse, what would be the potential loss for your company? , in terms of image, reputation, and relationships with customers and the market?
Without a doubt, regardless of the value and commitment, if something like this were to happen to your company, how long would it take to return to normal operations?
Although this mental exercise is important, you must surely be thinking that this is not a matter of imagination, but rather a nightmare!
In fact, without prior investment to protect your company against ransomware , returning to a normal operational level is virtually impossible.
Perhaps, with these examples, you have already managed to “put together” some pieces of the terrible puzzle that is suffering a cyber attack .
I'm also sure you've monetized these situations and realized how expensive it is to not protect your company against ransomware .
Knowing is protecting your company against ransomware
In order to share information about the real threat and the risks and challenges of malicious attacks , over the past three weeks we have published a series of articles on our blog .
- What is a DNS firewall for?
- Does a DNS firewall reduce the risk of ransomware attacks?
- Renner case: would the DNS firewall have prevented the ransomware attack?
After all, "knowledge is power ." This phrase is from the English philosopher Francis Bacon (1561-1626). In other words, the meaning of this aphorism is that by knowing and understanding threats and challenges, this knowledge can generate practical results to face them and resources capable of overcoming them .
Indeed, it's a reminder of the need to invest in security and control over internet access . To that end, Lumiun Internet Security offers efficient solutions to protect your company against ransomware and other malware.
Before we move on and conclude this series of articles sharing information and top tips on how much it costs to protect your business from ransomware, watch the video below .
Lots of money, kidnappings and extortion: RANSOMWARE is robbing Brazil.
This is the title of the video in which Tecmundo website editor Felipe Payão presents a good summary of cyber attacks and why it is important to protect your company against ransomware .
Protecting your business from ransomware is quick, easy, and affordable.
Contrary to what the statement in the subtitle above expresses, in the previous block, we saw how much effort and money would be required if there were no investments to protect your company against ransomware.
No matter how small your company and operation is, it is clear that it would be expensive and require a lot of effort .
But the good news is that perhaps, if the resources (financial and human) are available, "resetting" your company and restarting all your activities from scratch would be possible. Although it would also be very laborious and expensive...
However, I hope you noticed, we only talk about effort and money…
Therefore, we still have an important aspect to consider: time!
the average downtime after a ransomware attack
This is what the Coveware Quarterly Ransomware Report , dated July 23, 2021, reports. The North American company Coveware specializes in intermediating the negotiation of ransomware incidents.
Furthermore, according to this report, this average number of days of inactivity is 15% lower when compared to the average for the 1st quarter of 2021.
In fact, time is a resource over which no company has control. Unlike labor and money, which can be allocated with varying degrees of ease.
Today, customers and users demand full availability of goods and services, anytime, anywhere. Failing to meet consumer needs or expectations can cost a business or contract .
Furthermore, the damage to a company's reputation and image can be irreparable .
This is why suspension, discontinuation, or shutdown of business activity are considered the most harmful and costly consequences of not protecting your business against ransomware .
Recovery time is critical against ransomware
Prevention is key when it comes to protecting your company against ransomware. Mainly because it's what will allow for faster recovery times in the event of a cyber incident.
Certainly, the ability to recover data and restore your company's operations after a ransomware attack is directly linked to the investment in protecting your company against ransomware .
Mainly because preventive measures can avoid the worst-case scenario and minimize losses by reducing the interest of malicious attacks .
However, it is always good to remember that no company is free from cyber attacks .
In this video, Ransomware: What It Is and How to Protect Yourself , you can see more tips on how to protect your company from ransomware .
Internet access control and security measures to protect your company against ransomware
The pandemic, in fact, caused an acceleration in the digital transformation of businesses.
As a result, the rapid increase in connectivity between businesses, people, and devices has led to increased risks associated with the vulnerability of systems and users to malware, phishing, ransomware, hackers, viruses, and many other threats.
Lumiun Internet Security provides useful internet management and security solutions to protect your business against ransomware , whether small, medium or large.
Above all, because it offers services that, at the same time, enable greater security and productivity on the internet , as well as greater profit for your ISP provider and greater security and control over the subscriber's internet .
Adopting a culture of information security is certainly an important step in protecting your company against ransomware .
In this sense, see 10 super internet security tips for small and medium-sized businesses .
- Use strong passwords for all users and devices.
- Enable two-factor authentication (2FA).
- Protect and control internet access.
- Use antivirus on all computers.
- Log and Limit Network Traffic with a Firewall.
- Have backup copies of important data.
- Keep software always up to date.
- Restrict permissions on shared files.
- Educate employees about phishing and social engineering.
- Implement an IT resource usage policy.
But after all, how much does it cost to protect your company against ransomware?
First, to answer this question assertively, we need to debunk cybersecurity myths . Regardless, the fact is that those who think that digital security for small and medium-sized businesses is like cosmetics are deeply mistaken.
Since, even in an unfavorable economic scenario, avoiding cyber attacks can directly and positively influence a company's revenue .
That is, compared, the values required to do what needs to be done and in the way it should be done are much lower than the costs and losses resulting from a cyberattack .
Ultimately, protecting your company against ransomware is the smartest and most strategic move when faced with the possibility of losing customer trust and tarnishing your reputation .
In fact, you can never be too careful when it comes to your company's reputation and finances. While this warning applies to many situations, it's particularly important when it comes to complying with the LGPD .
Mainly because the fines are heavy if companies do not take the necessary measures to comply with the safety and prevention principles , as required by law.
Three Cost Centers to Protect Your Business from Ransomware
Without a doubt, IT infrastructure assessment , user training , and protection tools (backup, firewall, DNS filter, system updates, and Business VPN) are three relevant cost centers for protecting your company against ransomware.
In this sense, there is another myth to be demystified about internet management and security: the high and unfeasible cost of protecting your company against ransomware and other cybercrimes .
In fact, efficient data security, even if basic, was once very expensive and even unfeasible for some companies .
However, the evolution of cyber attacks has led to the financial adjustment of the price of protection systems, making them accessible to small and medium-sized companies .
IT infrastructure survey
For the IT infrastructure to function properly, at least these aspects need to be observed.
- Hardware and software inventory – An accurate inventory of all equipment, devices, and applications.
This list should enumerate:
- the number of computers available;
- whether there are antiviruses installed on the equipment and which ones;
- the storage capacity of each machine;
- the software and operating systems installed , as well as their versions;
- the time of use of each notebook, smartphone and computer;
- types and quantities of hosts installed ; and finally,
- whether the equipment supports operating system updates .
- Depreciation and acquisition cost assessment – Assess whether computers, smartphones, laptops, and peripherals have a useful lifespan that is adequate for data security . Also, assess whether the equipment guarantees the security and possibility of backing up the data stored on it. If not, they should be discarded.
Likewise, assess the company's financial capacity to support software investments and updates, as well as equipment and device upgrades. This is especially true for operating system and software updates, which are crucial for data security.
Therefore, keeping equipment, devices and systems always up to date is essential for efficient data security, as they are used incessantly .
- Vulnerability analysis and risk management – Identifying the weaknesses and vulnerabilities in your company's internet management and security is the first step in properly assessing and planning the necessary investments to minimize risks and protect your company against ransomware and other cyberattacks .
Keeping sensitive data, strategic information, files, and equipment always accessible and available should be the priority guideline.
User training
Establishing data security policies and ensuring that all employees and users receive training to adopt responsible and safe behaviors is essential.
Even though training and qualifying employees has a low cost (compared to other information security actions and initiatives), these activities should not be relegated to the background.
Especially since more than half of all malicious attacks occur through users, primarily through the social engineering technique known as phishing .
Phishing is characterized by fraudulent acts aimed at obtaining confidential and sensitive data and information. The main technique and point of contact in phishing is the exchange of messages (via email, apps, or other tools).
Protection tools
- Backup – functional and reliable backup system is essential for data recovery in the event of loss or ransomware attack. It's one of the key strategies and measures for protecting your company against ransomware.
- Firewall – Hardware and/or software that monitors and controls the flow of data and internet access within a network, in accordance with each company's security policy. Above all, a firewall allows for filtering incoming and outgoing traffic and granting or denying specific and malicious access , in accordance with a set of legal and/or previously defined rules.
- DNS Filtering – A solution that manages access and security rules for data flows and traffic based on DNS (Domain Name System) queries. It allows, from source to destination, flow and traffic only to interesting and useful addresses, filtering out harmful and malicious ones . Therefore, it is important to define and prioritize rules, controls, and a data risk assessment .
- System updates – Updated operating systems and software undergo continuous improvements in quality, security, and performance. Furthermore, "originality" is crucial to keeping them secure and reliable . Opting for pirated tools can lead to several data security issues. After all, modified versions don't have the same security or verification features as the originals.
- Business VPN – A solution that brings external employees together and brings them all together on a single network. This process also helps increase security and productivity. VPN , which stands for Virtual Private Network, is a technology that uses the internet to connect a group of computers and, above all, maintain the security of data traveling over that network. Furthermore, the pandemic has made this technology even more relevant, especially due to remote work and working from home .
Finally, we can state that, even though essential investments in security and internet access control may "weigh" on a company's cash flow, they will always be advantageous, preferable, and cheaper compared to the alternative: not protecting your company against ransomware .
As a suggested continuation of this reading, the page "What is a DNS Firewall and 7 Reasons to Use It in Your Business" is a good follow-up to this text. You can also download the content from this page and share it with anyone who needs it.
