You may remember that the Colorado Department of Transportation was attacked by ransomware twice – one of which was successful – earlier this year. The successful attack sent 2,000 employees back to using paper and pencil for over a week. What many don’t know is that small businesses are just as big a target for ransomware hackers. In fact, the FBI reported in 2016 that ransomware infected an estimated 100,000 computers a day, regardless of business or personal usage. That number has only increased.

It’s just a matter of time until a hacker tests your business’ cybersecurity defenses. Learn how ransomware attacks happen by reading our recent blog post, “Ransomware Targets Businesses of All Sizes.”

Here are best practices that our experienced team of IT experts has developed on what to do – and what not to do – to protect your business or help it quickly recover from a successful ransomware attack.

Ransomware: The Don’ts

  • Don’t set easy-to-crack passwords. This is always mentioned because it continues to be a huge security risk.
  • Don’t give all employees access to all files. They should only be able to access the files they need to do their jobs.
  • Don’t save only one copy of your data. If your data is encrypted, you need a backed-up copy to restore it.
  • Don’t keep all your data in the same place. If you have two copies but save them in the same place, they’ll both be encrypted.
  • Don’t overlook web and email filtering solutions.

Ransomware: The Dos

Ransomware is inexpensive for hackers and takes little effort to deploy. Recovering from a successful ransomware attack, however, is expensive, takes a lot of time to remediate and can be massively disruptive to a targeted business. But some business owners still forgo cybersecurity solutions that could protect them because of cost.

Remember: the ROI on the time and money spent deploying these solutions is quantified by your business never suffering a successful ransomware attack, which can cost hundreds of thousands of dollars. Work with your managed services provider to implement cybersecurity enhancements.

Here are some protections you can put into place and best practices you can use to defend against ransomware attacks.

If you’ve been successfully attacked and your files are encrypted:

  • Unplug the infected computer(s) from the network and turn them off. This prevents them from infecting other workstations or your backups.
  • Call your managed services provider for help recovering your systems from back-ups, deploying your disaster recovery plan and beginning forensics on your systems.
  • Confer with legal counsel.
  • Notify law enforcement (local police and the FBI).
  • Follow your managed services provider’s recommendations for preventing another successful attack.

If you haven’t become a victim yet:

  • Develop comprehensive back-up and disaster response plans. Make sure your employees know what to do and who to call to get the organization back up and running as soon as possible.
  • Deploy a redundant, hybrid backup storage solution – storing your data both on-site and in the cloud. If one becomes encrypted by ransomware, you can restore the data with the other.
  • Conduct annual cybersecurity awareness trainings with your employees. It is key to train employees on how to spot phishing attempts and other forms of cyberattacks and how to protect themselves and the company against them.
  • Refrain from clicking on suspicious links or downloading files from senders from whom you aren’t expecting attachments. These are the most common ways companies become infected with ransomware.
  • Ensure you’ve partnered with a security-focused managed services IT provider.

Simpleworks is Colorado Springs’ leading managed services IT provider. Our experienced solutions team works with business owners who need customized cybersecurity and back-up and disaster recovery services based on their needs and budget. Give us a call or email us today to find out more about our managed service packages and how we can help you simplify your IT.

Ransomware has been all over the news recently. If a company as large as Equifax can fall victim to a ransomware attack, you can be sure small businesses are at risk. No organization – no matter its size – is immune to attack.

Why Would I Be a Target?

Many business owners mistakenly think their companies are too small to be a target for hackers. In fact, smaller businesses with little-to-no internal IT staff are likely at much greater risk, as they often can’t afford or don’t know about the information security solutions, best practices and protocols used by larger companies. Hackers target small businesses for just this reason.

Ransomware hackers aren’t so much interested in your information as they are in getting paid. That’s why the average ransom is usually below $2,000. They depend on companies without adequate resources to defend against or recover from a ransomware attack paying to decrypt their files.

Ransomware Attacks: What Happens?

Ransomware attacks often are successful because an employee clicks a link or downloads a file in a legitimate-looking email, and the malware it delivers immediately begins encrypting all your files. For example, human resources may receive a phishing email titled “Resume” with an infected attachment. After the document is downloaded and opened, the hidden ransomware will begin encrypting files, and a message will usually pop up demanding a ransom be paid in Bitcoin to receive a decryption key from the hacker. Considering that most hackers aren’t ethical, there’s always the possibility that they may not provide you with a key to decrypt your files after you’ve paid the ransom – causing you to lose access to all your data.

Ransomware Attacks: What Should I Do?

If you fall victim to a ransomware attack, you should immediately disconnect your workstation from the network and shut it down to prevent other workstations and your backups from becoming infected and encrypted as well.

If you’ve partnered with a security-conscious managed services provider (MSP), you should call them so they can begin to perform forensics on your systems. They will look for the source of the attack and the vulnerabilities the hackers were able to take advantage of to access your network and files.

If you have working backups that aren’t encrypted, you can easily restore your systems to a state prior to the attack. If you don’t have backups and your information isn’t decrypted, you may have lost your information forever or be forced to recreate it.

You should continue to work with your MSP to implement additional cybersecurity solutions, conduct cybersecurity awareness training for your employees and consistently use information security best practices.

Finally, you should report the incident to the police and the FBI’s Internet Crime Complaint Center.

How Can I Prevent Becoming a Victim?

We believe in a layered approach to security. You can’t just have antivirus software. You also need advanced endpoint security, consistent system patching and so much more. Plus, you need working backups to restore your data if all else fails.

Cybersecurity awareness training is also key to maintaining a secure organization. Your employees need to be able to identify possible risks and avoid them. Your employees are often your best defense – and your weakest link.

Outsourcing your information technology to a managed services provider like Simpleworks IT can take much of the cybersecurity worry off your hands. Improve your ability to defend against cyberattacks by working with an MSP with experience and expertise in cybersecurity, including back-up and disaster recovery, cloud solutions and more.

With expertise in back-up and disaster recovery, Simpleworks IT can help defend your business against cybersecurity threats and IT challenges. Find out why we’re Colorado Springs’ leading managed IT provider. Contact us at 719-476-0444.