I’m sure by now someone has underscored why you need to protect yourself from getting the nasty flu bug circulating this year. Countless news articles, school notices, and even YouTubers are joining the fight against the spread of this nasty flu strain. Their message: prevention. “Wash your dirty hands” was the viral message from one nurse last week. Many reminders of good hygiene, particularly in flu season, help us keep on track to stay healthy and avoid getting sick.
My question today: why aren’t businesses taking the same simple precautions to protect themselves against ransomware?
We all agree that keeping ourselves and our families healthy this flu season relies primarily on simple, easy-to-follow principles: washing our hands, getting a full night’s rest and eating nutritious food. If we are infected, we know not to spread the virus by limiting the amount of time we are in contact with others until we feel better.
Protecting your business against ransomware and other malicious viruses can be just as simple as adhering to similar standards of prevention. The problem is: most of us mistakenly feel that something like a cyberattack “would never happen to me” until it’s too late!
To help you continue to address your IT Security issues—those vulnerabilities that really should have been addressed months (or even years!) ago—I want to walk through 5 ways to prevent ransomware infections.
Here are 5 ways to avoid being a ransomware target and having to pay ransoming criminals:
- Make safe and secure backups of everything on your network
I can’t emphasize this one enough. Once your files are encrypted, you practically have no options for recovery other than rolling the dice with paying the ransom (which nowadays will be at least $35,000) if you have no backup of your files.
Unfortunately, most businesses I’ve worked with in and around the Philadelphia metro (and elsewhere in the United States) think they have good backups but actually don’t. CEOs are told that backups are working when they’re not (and only find out when they’re confronted with serious data loss).
IT Support is so accustomed to simply clicking on a button to start the backup that it never actually checks that the backups are working. Instead of validating your backups, your IT guy is probably just telling you they are ok without even looking (their automated report says they’re okay, so everything must be fine).
Make sure you have functional backups of your network that routinely back up (a 3rd party network security assessment certainly can help here).
Testing your backups will make sure you actually have something to go back to instead of paying a hacker to create more innovative ways to get into your network, but it isn’t the only thing you should be thinking about when it comes to your backed-up data.
Even though many businesses DO back up their data, they fail to realize where their backups are being stored.
If your backups are kept on your network, realize that those files likely will get targeted in a ransom attack (you’ll be stuck in the same situation as if you never backed up your files at all!).
[Note: if you are a Zog client, your backups are regular, tested and offsite.]
Be sure to back up your network off of your network (offsite) to ensure that if an attack occurs (or some other disaster hits your network), you assuredly can recover quickly without a hiccup AND without having to pay hefty ransoms which may bolster more attacks on your business in the future (lightning DOES strike twice when it comes to being targeted and infected by ransomware).
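One way to run the backup test described above, as an added example (not part of the original article or any vendor's tooling): restore the archive into a scratch directory and compare every file against SHA-256 hashes recorded at backup time, rather than trusting the job's "success" report. The tar.gz format, the function names and the sample files are assumptions constructed for this illustration.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's relative path to its SHA-256 (recorded at backup time)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_backup(archive, expected):
    """Restore the archive into a scratch directory and compare it to the manifest."""
    report = {"restorable": True, "missing": [], "corrupt": []}
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive) as tar:
                # Use the safe extraction filter where this Python provides it.
                opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
                tar.extractall(scratch, **opts)
        except (tarfile.TarError, OSError, EOFError) as exc:
            report.update(restorable=False, error=str(exc))
        restored = manifest(scratch)  # whatever actually made it to disk
    for name, digest in expected.items():
        if name not in restored:
            report["missing"].append(name)
        elif restored[name] != digest:
            report["corrupt"].append(name)
    report["ok"] = report["restorable"] and not (report["missing"] or report["corrupt"])
    return report

def demo():
    # Constructed sample data: one good backup and a truncated copy of it.
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "share")
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("date,amount\n2018-01-15,1200\n" * 500)
        (src / "clients.txt").write_text("constructed sample client list\n" * 500)
        expected = manifest(src)
        good = Path(work, "backup.tar.gz")
        with tarfile.open(good, "w:gz") as tar:
            for child in sorted(src.iterdir()):
                tar.add(child, arcname=child.name)
        bad = Path(work, "truncated.tar.gz")
        bad.write_bytes(good.read_bytes()[: good.stat().st_size // 2])
        return verify_backup(good, expected), verify_backup(bad, expected)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Store the manifest separately from the backup itself so that an attacker who can alter the backup cannot also rewrite the hashes it is checked against.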
- Make sure your systems are updated and patched
Another broken record here. I say this over and over again, but with recent attacks hitting businesses large and small, I’m astonished how many IT Support teams fail to update and patch security vulnerabilities, many of which have been around for weeks, months, and (in some instances) even years.
Some of the most recent ransom attacks—including this recent Samsam virus—scour networks looking for old vulnerabilities on servers and workstations, infecting any that aren’t updated or patched.
Once in your system, these viruses spread like wildfire throughout the network. Normally, when a ransom attack hits, it takes a full week to get your team up and working. That means you’re paying W-2 wages for 40 hours of lost work PER employee, in addition to any work lost from the ransom attack (encrypted files that you had not yet backed up).
If you were diligently testing and backing up your network, you may be lucky to have just lost a day’s worth of work. But if you add up a full week and an extra day just to get you back to where you were before the ransom attack, you’re talking about big bucks!
To demonstrate the costs of an unpatched network, here’s a back of the envelope calculation of some of the obvious costs of being attacked:
Let’s say you have 10 team members and their average hourly rate is around 50 bucks per person.
5 days where they cannot work because your network is down = 40 hours x 50 dollars an hour x 10 employees.
You end up wasting $20,000 in downtime for that one week!
Plus the day (here I’m being really conservative) of lost work materials. Add another 4 grand for each day’s worth of work lost and your minimum cost from a ransom attack is at least $24,000!
Not to mention dealing with unhappy clients who aren’t getting their work delivered, exposure of sensitive data that might lead to identity theft, security compliance fines (PCI or HIPAA for example) and missed opportunities.
Your actual costs—even with full offsite backups—may end up being in the hundreds of thousands of dollars for one unpatched machine on your network letting one of these viruses in.
- Use updated antivirus software
While many of the most recent viruses have gone undetected on a variety of antivirus software, having an updated antivirus on your network is still a critical defense to containing a lot of the bad crud hitting your network on a daily basis.
Realize that as these new strains of viruses get detected and documented, an updated antivirus will be able to detect their signature. While there are a few masterminds reinventing and redesigning virus code, the majority of these criminals are using older virus strains because they are working (making them big cash returns)! This means one thing—businesses aren’t monitoring their networks with up-to-date antivirus.
Many businesses fail to even keep antivirus updated—updates that could quarantine or minimize the spread of infection across your network. Instead of infecting your whole network, with a good antivirus that is regularly updated, you may only have one or a couple machines impacted. Not sure if you have the right antivirus software? Ask us about a free security assessment to find how to best recognize viruses before they become a huge problem.
- Keep EVERYONE informed
Most IT Support teams fail to communicate—in real understandable English—how to prevent getting scammed, phished or hacked. While many of the vulnerabilities behind ransom attacks come down to things IT Support should have done in the first place, many attacks can be stopped if users recognize and think about their actions.
This is where proper internet hygiene comes into play. Just like hand washing prevents the spread of the flu virus, phishing scam recognition and data security practices can prevent users from handing out credentials to sensitive areas of your network, or even prevent viruses from accessing the network altogether.
That means (1) having team members who can identify what email scams look like, (2) having them report anything that looks unusual on their computers (files opening on their own, pointer moving without touching the mouse, windows opening without their control) to your IT team, and most importantly (3) ensuring that your team has a good working relationship with IT Support so that suspicions or problems don’t hold them (and your business) back from preventing disasters (something the Zog team does every day).
- If hit by an infection, don’t just wait and see
Many businesses have no idea what to do when they get infected with a ransomware virus. Some try to restart their computers, hoping that a refresh will rid them of the problem. Many will keep their computers linked to the internet—searching for answers about this virus.
If infected, the first step to recovery—as a precautionary measure—is to disconnect. Hackers sometimes rely on computers being connected so that they can actively interact with your hacked network. The problem with keeping computers online is that sensitive data may be leaving your network (and you likely won’t even know it).
Start by disconnecting infected computers from your network and turning off and disconnecting other computers that might not yet have been infected as a precaution to prevent the virus’ spread. You may actually have a chance of saving workstations (or servers) on the network if they were not originally part of the infection.
Some ransomware viruses will actually demand that you not disconnect computers—but don’t be fooled! They DON’T have your best interest at heart and are trying to get you to emotionally react to their demands.
If your files are locked or encrypted and the ransom asks you to pay the demand, consider the consequences. By paying the ransom, you aren’t guaranteeing anything. In fact, recently paid ransoms have only been 80% effective at getting an encryption key. Also, paying the ransom may actually make you a bigger target as bigger and more virulent viruses get made (criminals on the Dark Web are actually tracking when ransoms are paid and have started re-targeting these businesses!).
If you have good backups—which, after reading this article, I hope you are seriously thinking about (remember, you can always get a second opinion on whether your security can defend against ransom attacks)—you will be in a relatively good spot to recover from any sized ransom attack.
If you don’t have backups, you may be able to piece together data from your network to cobble together critical business data (a cybersecurity or forensics team may be needed depending on the extent of ransom infection).
The quicker you react to the ransom attack, the more data you’ll likely preserve free from encryption.
The bottom line: make sure your IT Support team takes simple actions to prevent a ransomware outbreak on your network. If you are at all questioning whether your business—like many in the Philadelphia metro—is NOT backing up its data securely, is NOT patching its machines and is risking infections attacking its network, is NOT informing users to recognize common attacks and does NOT have a plan to immediately respond to a ransom attack, contact us TODAY for a free security roadmap meeting.