How to Protect Yourself from Ransomware
Todd Smith, Director, Information Security Practice | May 17, 2017
What you need to do in the short and long term to safeguard your company and employees from cyber threats.
Over the last week, organizations across the globe were hit with a massive cyber attack involving ransomware. This is a type of malicious software that blocks access to your data, holding it for a ransom, until you pay the hacker to gain access to your files.
The “WannaCry” ransomware attacks have affected over 10,000 organizations in over 150 countries. Early intelligence reports say the ransomware was aimed at workstations running the Microsoft Windows operating system and was possibly spread through a phishing email or through vulnerabilities in the organizations’ network security. Hackers were requesting anywhere from $300 to $600 to regain control of an infected machine.
The Impact of Ransomware
The scale of the attack is unprecedented, but not entirely shocking. According to the FBI, in 2015 companies paid a total of $25 million in ransomware payments. In just the first three months of 2016, the number skyrocketed to $209 million. Hackers today are more sophisticated, and ransomware programs are now sold through the dark web, or through underground methods, at very affordable prices. “Hacking as a service” is obviously a profitable industry, with little to prevent it from growing.
You may look at this ransomware issue and think, “That’s not a lot of money to spend to quickly gain access to my computer.” There is no guarantee, however, that the hacker will provide the required key to unlock your data. The best ways to defend yourself from a ransomware infection are to have a solid data backup, teach your employees how to identify modern threats, and ensure that your systems are being monitored and patched regularly.
How to Protect Yourself from Ransomware Now
Our security experts at Interphase Systems suggest two immediate actions to protect your company from cyber attacks.
The first line of defense in preventing a cyber incident is to train your employees. Many hackers are successful due to employees clicking on links within a phishing email without realizing that there is significant risk in doing so. Interphase Systems is dedicated to helping you create the most secure workplace and we believe this starts at the employee level.
Implementing a Cyber Security Awareness and Training Program in your organization is the fastest and most cost-effective way to ensure employees recognize and avoid these dangerous tactics. Our training program is no ordinary education module. We take a year-long approach that includes reinforcement training videos, periodic phishing tests and monthly reviews on who in your organization requires additional assistance in learning the signs of a malicious threat.
Have a Reliable Data Backup System in Place
The second action you can take is to implement a properly designed, full backup and recovery solution for your organization’s data. Many companies tend to forgo the expense of extending this crucial service to all end points, instead focusing on centrally stored data. Ransomware attacks, however, do not discriminate and will infiltrate all locations within a network, including data stored locally on computers.
Think of using this service as buying insurance on your house. Having a comprehensive backup and data recovery solution in place is imperative for your company’s business operations and recovery if you are hit with a ransomware attack. So that you do not have to pay the ransom, Interphase Systems implements a continual backup program for you, replicating your systems multiple times a day, so that you can retrieve your files from minutes prior to a cyber attack.
Note: If you have been hit by a ransomware attack and plan to restore your systems with a backup, ensure that you also install required software patches. Scan your system for any malware that may be lurking on your computers or network prior to the restore.
Safeguard Your Company with Long-term IT Security
In addition to these precautionary measures, there is more that you can and should do. Engage with a team of technology experts to monitor your systems. You should receive real-time reporting alerting you when systems are vulnerable, for issues such as patching compliance, offline servers and storage capacity. Additional layers of security can also be added including scheduled patch management, URL filtering, disk encryption and many other services to ensure your systems are up-to-date and protected.
With Interphase Systems’ managed IT service, we not only provide the monitoring functionalities, but we will also manage your backup and recovery for your computers and servers. Your systems are tested weekly to ensure backup and recovery are functioning properly and can be ready at a moment’s notice.
If you have any questions about how to protect yourself from these increasingly common cyber attacks, please reach out today to discuss your options with one of our experts. Don’t wait until it’s too late to implement these security practices and protect your company from the pressure of a ransomware attack.