Until recently, “ransomware” was a technology buzzword that you may have encountered online or heard your IT staff discuss around the water cooler. Unfortunately today, it is not just IT lingo, but instead, a serious threat to businesses around the world. According to Cybersecurity Ventures, it is estimated that ransomware attacks will cost $8 billion in 2018 and up to $11.5 billion in 2019. And, ransomware attacks on businesses are predicted to occur every 14 seconds by the end of 2019.
Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. The virus encrypts (or scrambles) an organization’s computer files and holds the files for ransom until the money is paid and the hacker gives a code to unlock them.
How does this happen?
Are hackers attacking your network? Are they doing some hi-tech computer attack like you would see in the movies? Not really. These infections are easier to catch than that and in most cases, people inadvertently infect themselves. Users click pop-ups on unsecured websites or open innocuous looking email attachments and that’s all it takes to install the ransomware.
So, what do you do to avoid ransomware attacks?
While there are many things that your IT staff can do to reduce the chances of ransomware infecting your systems, user training and awareness go a long way toward stopping the problem before it starts. No matter how much technology is put in place as defense, end users still need to be able to identify ransomware and know what NOT to click. While many people do understand the risks of clicking on suspicious emails and websites, many are not as comfortable with technology. Don’t be afraid to ask questions: Is this a legitimate email? This website says I need an update; should I do that? Do I hit ‘run’ on this pop-up?
Safe computing training is not complicated and can be done on demand, so it doesn’t interfere in daily operations. Cybersecurity companies offer safe computing courses in which a short video is sent to subscribers once a month. Each video can be completed in a short amount of time and teaches users about the latest in security threats.
Behind the Scenes – What Can be Done on the Technical Side?
You can reduce the chances of your staff encountering fraudulent websites and emails by adhering to best-in-class IT practices. For email, a good anti-spam provider that offers anti-virus protection is essential. Emails that are carrying ransomware can sometimes be stopped before they reach the user’s inbox. The latest firewalls have the ability to stop some of the deceptive websites from launching the software that will infect your computer. Therefore, an up-to-date firewall is essential. The computers themselves should be on the latest operating system. Microsoft has made great advancements in the security of Windows 10, so all computers that are on Windows 7 should be upgraded to Windows 10. And finally, from a more technical perspective, Cisco offers a security product called OpenDNS that will keep ransomware from “phoning home” and encrypting files even if a user has clicked on the infected email or website. These technical preventative measures can be implemented by your IT support team and will go a long way toward protecting your data and your users.
How are your backups?
If you do become infected, the most common way to recover files is from your backups. You should understand how your backups work and know the effort involved in recovering your files in a situation like this. Files should never be stored on the desktop and should always be in a place that is being backed up. If you are not backing up your files and you are hit by a ransomware attack, you will have to recreate your files or pay the ransom.
On a final note, it is not the old viruses that businesses need to be concerned about. Most of them can blocked by the methods I’ve discussed above. It is the new ones that are hard to stop. As the good guys find a way to block the new methods, the bad guys find ways around them. Keeping your systems up to date, reviewing your backups and staying abreast of the latest technology will help ensure you are protected. If you are a small to medium business, a full-time IT person or a Managed IT Services Provider can help you stay on top of the latest security threats.
If you’d like more information on Revolution Groups managed service program, feel free to reach out to us. You can call us at 614-212-1101.