September 9, 2015
A brazen security breach. A vicious hijacking. An ultimatum, followed by a time-sensitive ransom demand. It all sounds like the plotline for Liam Neeson’s next movie. But we’re actually talking about a very real threat that you face every time you plop down behind your desk and fire up your computer. Who knew your job could provide so much intrigue?
The threat is known as Ransomware. It’s an ugly type of software that allows cyber bad guys to essentially hijack your company’s data and hold it hostage until you fork over a ransom to get it back. It goes by a number of names. You may remember hearing about the CryptoLocker virus which was taken down last year, followed by the unrelated CryptoWall, which recently resurfaced in its “3.0” version after a brief period of dormancy. Regardless of what form it takes, ransomware can have a downright scary effect on a company’s business operations.
Like any malware of this kind, ransomware is typically spread through a veiled e-mail attachment, interaction with a website that has been compromised, or through an infected computer program. Once it strikes a computer or a network, the files therein become encrypted, making them virtually useless. Once a system has been compromised, a message typically appears informing the user that their data is gone and will not be returned until a ransom is paid.
Often this malware comes across as a message from the FBI, stating that the user performed some sort of illegal operation and must pay a fine to retrieve the data. These claims are, of course, nonsense; no legitimate law enforcement agency conducts business this way. But the correspondence looks just official enough to induce a percentage of victims to pay up on the spot. Even if you do pay the ransom, there’s certainly no guarantee that your data will ever be restored. We are dealing with cyber scum after all.
It looks like these cyber threats are here to stay, so it’s important for organizations to take concrete steps in order to protect themselves. With that in mind, here are six key tips to protect your valuable data from being hijacked through ransomware.
1. Backup Your Data!
This can’t be overemphasized. Make sure your files are saved and backed up beyond the desktop. A simple step is to save files in a network folder as well as on a simple external hard drive. Just make sure that the hard drive doesn’t remain connected to your workstation, as it will remain vulnerable to attack as well.
For businesses to stay safe though, this isn’t enough. It’s time to…
2. Embrace the Cloud
As if you needed another reason to adopt the cloud for your business, here we have another one. Backing up your files with a cloud provider is an ideal solution to combat the threat of ransomware. The provider stores your data on their servers in a secure data center. You can access said files any time from anywhere, as long as you have an Internet connection. A qualified IT provider will have his or her own security measures in place to ensure that your data is properly backed up and safe.
You also have to be vigilant about keeping the threats out of your system in the first place. That starts with making smart choices, for instance…
3. DO NOT Open Attachments if you Don’t Know the Source
Did you read that? Good, now look up one line and read it again. This really should be self-explanatory at this point, but it still happens. The most common avenue for malware like this to infect a network is through downloading an email attachment. Sometimes it’s masked as an urgent message, a voicemail message, a fax, or even a joke. If you decide to open a file from someone you don’t know, the joke could be on you in the form of a pink slip. Find out for sure if any attachment is legit before you even think about opening it. Once you do, it’s usually too late to go back.
That’s why it’s so important for a company to…
4. Teach Your Employees How to be Vigilant
It’s such an easy thing, yet even today it’s often overlooked: Talk to the people that work for your company and show them how to protect themselves (and the company) while online. Teach them what we just talked about, educate them on how viruses and malware can enter a network, and show them exactly what kind of damage these attacks can cause.
Make sure they know to only browse and download from sites that are trusted, and not to click on banners or other links without knowing exactly what they are and who they’re from. If anyone receives an official-looking warning about software they must download to get their system up to date, make sure they don’t do it unless they know it to be true.
Seem elementary? Sure it does. But companies today can’t afford to assume or leave anything to chance. Teach your employees how to practice safe computing and make sure they understand that they will be held accountable for careless mistakes. Even better, take some options out of their hands through…
5. Content Filtering
No matter how much you educate employees, there’s always a chance they’ll still engage in online behavior that leaves the company vulnerable; in some cases, not by accident (disgruntled employees pose a viable threat to security). That said, it’s a good idea to have a solid content filtering system in place to keep employees on the straight and narrow. Not only will you keep wasted time to minimum, you’ll also be taking a step to protect the company’s data.
A qualified IT service provider can work with you to find a content filtering solution that works best for you and your organization. For instance, even if you don’t want to completely restrict employee access to certain websites, we can implement a solution where interaction alone will be restricted. For instance, an employee could sign into Facebook, but would not be able to like, share, comment or download.
So employee monitoring is important, but you also have to…
6. Use Protection
It’s important to make sure all of your anti-virus software is up to date. As viruses are created and unleashed on the public, they can slip past anti-virus software until a “patch” is created that combats that specific virus. It’s like a never-ending game between the virus creators and the virus fighters. Those threats that are yet unknown to anti-virus software are known as Zero-Day Viruses, and leave systems vulnerable until a patch is created and implemented. Some modern browsers also offer add-ons that effectively combat ransomware by keeping scripts from running automatically.
This is yet another reason to partner with a qualified cloud provider. When you work with an IT provider, make sure that your security measures are properly updated so you always have the most up to date security in place protecting your company’s valuable data. Dell SonicWALL technology, offered through many IT service providers, is as good as it gets when it comes to keeping company data safe and secure.
If ransomware infects your company’s network, the effects can be crippling. By incorporating a few common sense initiatives and taking proactive steps, you can minimize your company’s risk. Your best defense though is to leave it to the professionals. A qualified and respected service provider can guide you through the malware minefield to make sure your organization is as safe as possible, at a price that works within your budget.
Hopefully your organization has taken the proper steps to remain protected from ransomware and other potential cyber threats. Once your network is infected, it’s too late. If a workstation does become infected, disconnect from the Internet as soon as possible, quickly unplug any peripheral storage devices and call a qualified IT service provider as soon as possible.
Michael J Puckett is director of marketing at Data-Tech. Contact Data-Tech for a free network assessment. At no cost or obligation, we'll come to your office and conduct a thorough review of your computer network, backups and technologies. We'll analyze how you're working right now and identify what areas are giving you the most problems. From there, we'll show you a simple, cost effective plan for upgrading your network to the cloud versus the traditional on-premise server and network you currently have. Contact at (813) 874-5511 or email@example.com and mention this article.