What is ransomware?
Ransomware is a type of malicious software (malware) that encrypts files and stops you from being able to access your files or computer systems.
It’s not just bigger businesses that are targeted and there are no particular industries that are more vulnerable than others. If you work online, you’re at risk.
The attackers are generally financially motivated. They’ll try to extort you by demanding you pay a ransom to get access to your system and files again.
Ransomware infections can occur through things like phishing campaigns – where you’re tricked into clicking an infected link or attachment within an email. They can also happen if you don’t have strong passwords or don’t regularly update your software.
Steps to protect your business
Prevention is better than cure. These simple steps can help protect you and your business from ransomware and cyber attacks:
- Be aware of phishing campaigns. Phishing is a common way that computers and systems get infected. Learn how to spot dodgy emails, websites or links that could be harbouring malicious software. If you have staff, talk to them to make sure they’re aware of the risks as well.
- Regularly install updates on software and devices. This will prevent attackers from exploiting vulnerabilities which they could use to get into your systems.
- Implement two-factor authentication. Two-factor authentication is usually a code that’s sent to your phone or an authentication app to verify your identity. This is used in addition to a password and adds another layer of security to your logins.
- Back up your business and customer data. This way if your data is lost or stolen, you can recover it quickly. You can back it up on an external hard drive or on a cloud service.
- Talk to your IT team or service provider about setting up logs. They record when particular actions are taken on your website and systems and who’s done them. You’ll then be notified if any unusual or unexpected activity occurs.
- Have an incident response plan. No matter how well you prepare and how good your cyber security is, things can still get through the cracks. Have a plan that will help you take control of the situation if the worst were to happen. Know who to call and prepare by doing things like making hard copies of all important documentation in case you can’t access your system.
Top 11 tips for cyber security(external link) — CERT NZ
Phishing scams and your business(external link) — CERT NZ
Creating an incidence response plan(external link) — CERT NZ
Further guidance on how to prevent or contain cyber security attacks(external link) — CERT NZ
What to do if your business encounters a cyber attack
Online reporting tool(external link) — CERT NZ