The increase in societal demand to constantly adapt to new technology has led more small businesses to rely heavily upon technology in their daily operations. Technological advances such as inexpensive laptops and tablets at work, online file and data storage, and web applications that increase productivity and communication have helped small businesses leap into larger markets, compete with larger firms, and in many cases, gain a larger share of these once untappable markets. Additionally, these advancements changed both how and where folks work. From flexible working options for employees, like working from home, to connecting with customers via Skype and email, to maintaining websites that contain online stores, technology revolutionized the way we work and the way we interact with each other.
How well entrepreneurs and businesses adapt to new technology impacts the business from both a revenue perspective and a data compliance perspective. With more and more customers preferring everything from automated billing and web-based payment to cloud-based systems for communication and project collaboration, technology has revolutionized many industries. Unfortunately, this revolution carries with it significant risk.
Cyber threats used to focus on stealing personally identifiable information like credit card numbers and bank account information, but, like technology itself, cyber thieves have evolved. Unfortunately, this evolution created a malicious threat to a business’s day-to-day operations because of its impact upon your data. This ever-growing cyber threat is widely known among individuals and businesses as ransomware.
What is Ransomware?
As the name suggests, ransomware is a form of malware that cyber thieves use to infect your computer with malicious code, which gives them access to your computer, your network, and all other connected systems so they can hold your data hostage. Payment for your data can take several forms – bitcoin, wire transfer, or the more sinister form of forcing you to infect others in exchange for the code that will decrypt your data. Those behind the attack achieve this by embedding malicious code in email attachments and pop-ups, baiting victims to click on them using social engineering. After the victim clicks on the link or attachment, the malware covertly installs itself onto the computer, giving the attacker easy access and allowing them to search through files and navigate further through the entire system.
Using the malware, they can lock the victim’s keyboard, denying them access to their computer until they pay a ransom, which is typically a lump sum of bitcoin transferred into an untraceable account. In very basic cases of low-skill ransomware, the user’s keyboard becomes locked when it is taken hostage. In more extreme, higher-skilled malware programs, the type that are becoming more prevalent, the malware encrypts files, forcing the user to pay the ransom to obtain a key to unlock those files. In extreme cases, an attacker will freeze a business’s operations or take their website down until a ransom is paid.
While the use of malware has been rising for a little over ten years, it has emerged with incredible force and prevalence in the last few years. The number of cases multiplied 167 times over the last two years alone. Between the beginning of 2015 and the end of 2016, the number of ransomware cases reported increased from 4 million to 638 million, targeting everyone from individuals and businesses to hospitals, law enforcement, and educational institutions.
Why should businesses be worried?
For an individual with admin rights to a business or organization network on their computer, the threat of a ransomware attack is not just a terrifying possibility, it is an increasing likelihood. Many businesses, especially small business owners, may think they’re either too small or not relevant enough to be targeted by this malicious cybercrime. Such is not the case. Any business with a digital footprint is a viable target. Large businesses face large ransoms, while smaller businesses face smaller ransoms.
Ransomware is also a credible threat for those businesses that actively back up their data and information on a regular basis. When businesses are targets and victims of ransomware, it doesn’t always mean your keyboard will be locked or your files encrypted. Sometimes, attackers threaten to publish confidential information about a business (think the Panama Papers leak from last year) in order to receive a bitcoin ransom. Other times, attackers will gain access to the back-end of a business’s website and freeze the website and even a business’s operations. For businesses that cannot afford to have a halt in production or have their website taken offline, the threat of ransomware is particularly daunting.
How can businesses protect themselves from ransomware?
1. Don’t download or click on any suspicious attachments or pop-ups
If your gut is telling you that it’s probably not a good idea to open that email or link – even if it’s from someone you know – don’t open it. If you’re suspicious of an email that someone you know personally sent you, reach out to them and ask them about it. Also, be wary of the URL in the address bar when a site is asking you to log in to your account. Recently, a Google phishing scam fooled even tech-savvy users into giving scammers their login information by creating a replica of the Google login page that looked extremely similar to the real one.
2. Back up your data frequently
Outsmart the attackers before they can even take your data hostage by backing up any data or information critical to your business on a frequent and regular basis – this could mean on a daily basis. Some ransomware attackers seek out the backup systems to encrypt as well, because they assume that businesses have backed up their data in hopes that restoring the system is their way out. The more sophisticated malware programs can gain access to your backup systems by entering through the desktop and navigating their way through the servers. So, businesses should not only back up their data, but back it up to a cloud-based system, because most reputable cloud providers keep older copies of backups for thirty days or longer, depending upon your plan. If you don’t back up to the cloud and choose a local storage device, you need a rotating plan, and backups should be kept offline, meaning they should not be directly connected to desktop systems on a continuous basis.
3. Keep your software up to date
Notifications that come from Java and other programs constantly reminding you that there’s a new update that needs to be installed can be a nuisance. However, those systems are continuously updated for a good reason. These periodic, and sometimes weekly, updates typically contain patches that address vulnerabilities in the software and your system’s firmware. Keeping your software systems and firmware completely up to date will aid in keeping malware and other cyber threats out of your system. Ensuring your system’s security suite is up to date and running smoothly is also a major plus. Connecting with a business or an IT professional who can monitor your network and be there in case of a cyber attack is also recommended.
4. Educate Employees and Consider Cyber Liability Insurance
Informing your employees about what ransomware is and how to protect themselves and the business from the malware is an excellent preventative measure. This way, employees are all on the same page when it comes to what they should and shouldn’t be wary of online, and they know what to do if their data is taken hostage. It is important to reinforce the idea that it is OK to seek confirmation when an email purporting to come from a highly placed executive seeks the transfer of money or data.
There are multiple cases around the globe where financial officers at both private and public companies were duped into transferring millions of dollars, without checking beforehand, based upon an email that appeared to come from the CEO. Unfortunately for those individuals, not only was the money lost, but their careers were permanently damaged as well.
Some insurance companies offer cyber liability insurance, which can help cover the costs if a business has to pay a ransom to have their files unlocked and restored. Some plans under this liability insurance aid in providing immediate assistance with how to respond to ransomware.
5. Have a Plan In Place For When Malware or a Data Breach Occurs
All fifty states have some type of data breach notification law in place. It is important that you familiarize yourself with the requirements of the law in every state where you have employees, store data, or conduct business. Additionally, it is important that you adopt a plan for when malware or a data breach occurs. Some items to consider when developing such a plan include: 1) which IT professional will you bring in to help correct/repair the issue; 2) which lawyer or law firm will you contact to provide guidance concerning the notification laws, and other legal implications of being attacked; 3) which federal, state, or local law enforcement agency will you contact; 4) under what circumstances, if any, would you pay the ransom; and 5) do you employ some best practices so that you fall within safe-harbor provisions of your state’s laws.
For businesses that heed these preventative measures, the threat of ransomware won’t be a worry that keeps owners up at night. Many argue that if your business does fall victim to ransomware, you should neither negotiate with nor pay a perpetrator. Not only will you end up paying a large amount of money, but there is no real guarantee you’ll even regain access to your data or files. However, the FBI admits that unlocking encrypted files is so difficult that if your business needs access to these files (likely because you haven’t backed them up or stored copies elsewhere), you might end up paying the ransom.
You should always report ransomware attacks directly to the local FBI office and file a complaint with the Internet Crime Complaint Center. Reporting ransomware, protecting your business, and working safely online is the only way to help prevent the continuation of cybercrime in the future.
If you have additional questions or would like a referral for an IT consultant, please contact me.