The top technology concerns for 2020 will likely be important for businesses and consumers alike. These include Cybersecurity, Privacy and more refined, targeted Ransomware. Although future articles will go into more detail about each of them, here are the basics and why you should be paying attention.
The term ‘cybersecurity’ has been tossed around for so many years that most people cannot clearly define it, yet it remains a commonly used catchphrase. It derives from the prefix ‘cyber’, which in Greek has to do with steering or governance and was first popularized by a mathematician in the 1940s with the term cybernetics. Over the years, attaching cyber- to a word came to make it seem futuristic, so instead of computer security or network security, people started using the catchy term ‘cybersecurity’. It is used to describe many aspects of computer or network security, but for current purposes it is best described as an awareness of how we secure our use of technology so that our data is accessible only to those entities to whom we have granted access. Under this definition, cybersecurity encompasses concepts such as password management, encryption, firewalls, network perimeter security, antivirus/anti-malware, authentication methods, etc.
Cybersecurity is not just for businesses. Computer data, both corporate and personal, can be valuable to others, especially those who would exploit it. Therefore, we must be diligent in protecting our personal data as well as keeping our business data secure.
On almost a weekly basis we hear about a new data breach at a large company that has compromised the private information of everyday people. As a society, we can only trust that when we provide personal data such as name, address, date of birth, social security numbers or credit card information, this information is kept safe from the bad guys who would use it against us. But just as diligently as we strive to protect our personal data, others are constantly working to uncover it. Although we have very little control over our data once it is in someone else’s possession, we must still be diligent about the parties to whom we give our personal information. New laws in California and the European Union now give the public certain rights to review and remove personal information that we have provided. Common sense is the best defense when protecting your personal information.
- Only give your information for legitimate reasons to verified requests.
- Only give the information that is necessary and nothing extra.
- Be cautious and feel free to question anyone requesting your personal information.
In 2019, ransomware cost businesses more than $8 billion, with an average ransomware attack cost of $133,000. Targeted ransomware remains one of the most widely used methods hackers rely on to extort money from companies and individuals. After the hackers gain access to a computer or network, usually through an email attack or an exploited network vulnerability, the files and folders on the network are locked by encryption so the users can no longer access them. Conveniently, when someone tries to open an encrypted file, a notification will appear with instructions for how to pay the hacker to decrypt and unlock their network files. The ransom payments are requested by using untraceable bitcoin transactions and in most cases, the encrypted files are unlocked successfully. If the hackers did not follow through on their promise to unlock the files, no one would pay the ransom.
As a business or individual, if this should happen to your data, your options are limited. If you are diligent with your backups, you can simply restore your data from a date before the hackers gained access, when the files were still unencrypted. Or you can lose your data permanently. Or you can pay the ransom. For some companies, it is easier and more cost-effective to pay the ransom, and many have done just that. Of course, this does nothing to combat this illegal activity and may even be encouraging its success.
Our advice regarding Ransomware is:
- Be diligent with your email – know how to identify a phishing attack
- Employ reliable and frequent backups
- Never enter your credentials in response to an email request unless you are the one who initiated it (e.g., a password reset)
- Keep your computer security patches up to date
If you are a victim of Ransomware:
- Disconnect the network/computer from the internet
- Stop any backups that are running (you will be backing up the infected files)
- Restore your files from backup if possible
- Try to find the point of entry for the hackers (suspicious email, open remote access) and only reconnect to the internet once the method of access has been determined, or you may end up back in the same place all over again
- Contact an IT professional for expert advice