FTC shares guidance for small businesses to prevent ransomware attacks

The US Federal Trade Commission (FTC) has shared guidance for small businesses on how to increase resilience to ransomware attacks.

The US Federal Trade Commission (FTC) published guidance for small businesses on how to protect their networks from ransomware attacks.

The FTC suggests two steps small businesses can take to bolster their resilience against ransomware attacks.

The first step consists of recommending organizations to follow best practices to neutralize ransomware attack such as set up offline, off-site, encrypted backups. It also required small businesses to share the CISA Fact Sheet with their IT staff. FTC also recommends to implement practices described in the Ransomware Guide and the Fact Sheet on Rising Ransomware Threat to Operational Technology Assets.

The first step recommends of schedule a security refresher for employees of small businesses. Ransomware attack chain often starts by opening an attachment or by clicking on a link in unsolicited mails. In some cases threat actors could target small businesses with spear-phishing messages that can be specifically crafted using publicly available information or stolen data about an employee.

“A small business’s best defense is a workforce trained in the tricks that cybercriminals are likely to use. Other important protections are: 1) rigorous authentication procedures; and 2) a company policy that requires passwords for employee credentials and administrative functions to be l-o-n-g and complex.” states the FTC. “In addition, educate your staff on the folly of using the same password on different platforms, and consider the many benefits of multifactor authentication.”

The FTC also shared guidance for businesses that experienced a data breach.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]