IT professionals, like myself, live and breathe in a world of technical jargon and frequently toss out vague but dire warnings to the non-technical as if they should heed our expert advice without question. For their own good, of course. But I have always believed that knowledge empowers us to make more informed decisions, and it can only be of benefit when the non-technical have an understanding of these warnings. Business owners have a lot on their plates running their companies, dealing with day-to-day challenges and planning for financial success, but basic cybersecurity concepts and the threat of ransomware are something that all businesses should have some knowledge of.
I had a client recently ask me to help them understand the basics of cybersecurity, what ransomware is and how to prevent it. There are stories almost every day about big companies, hospitals and government entities being affected by massive breaches in cybersecurity, so it is no wonder that a small business owner may be asking, “Is my company’s network and data safe?” Following is a summary of these concepts, and I have included some of the basic principles and explanations that hopefully may be more digestible for the non-technically minded.
Ransomware – the most dangerous cybersecurity threat to companies today.
The bad guys are not just targeting large businesses – their software is indiscriminate and can infect even a small one-person company.
Ransomware usually infects a company through an unsuspecting email or a bad website. No antivirus or email filter is 100% effective so the last line of defense is the wariness of the end user. Security awareness training can help a company keep its employees informed and vigilant.
Prevention – All incoming email should be filtered by a good cloud-based scanning solution. Additionally, all workstations, laptops and servers should have an active antivirus application running. But due to the way these threats are triggered and spread, unfortunately many antivirus apps may not be as effective at preventing ransomware.
Detection – If an infection does occur, the first thing people will notice is that many shared files will not be able to be opened. Usually in the same folder, a file will appear that announces that the company’s files have been locked until a ransom is paid by bitcoin to a private bitcoin account (which is untraceable).
Ransomware can also infect emails and cloud-hosted files. The virus travels through network shares (drive letters) from the person’s machine to the server or cloud host and it can also access the user’s hosted emails and infect the whole company’s email database in the cloud.
Remediation – If a company falls victim to a ransomware infection, the first thing to do is either unplug the network cables from the infected machines or shut them down completely, especially the server(s). Sometimes it may be hard to tell where the infection started, so you may need to shut off all systems and bring them up one at a time to find the source.
At this point it would be a good idea to call a professional to help evaluate and take the next steps to recover from the infection. Depending on what backups are in place, the recovery can be easy, difficult or impossible. You may have heard about the impossible ones where the only seeming recourse is to pay the ransom (which should never be paid, in our opinion).
However, with good backups, especially backups with built-in ransomware detection, you can recover from a ransomware infection within hours if not minutes. Good backup solutions have algorithms that detect the traits of ransomware, like mass changes to file contents, extensions or security, and they shut down the backup immediately so the infected files do not propagate to the cloud backups.
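For the technically minded, here is a sketch of how a backup job could check for the traits described above before it uploads anything. It is an added example, not code from this article or from any backup product; the function names, the 30% threshold and the entropy cut-off of 7.0 bits per byte are assumptions chosen for illustration, and the sample files are constructed.

```python
import hashlib
import math
import os
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def assess_snapshot(previous, current, max_fraction=0.3, entropy_floor=7.0):
    """Compare the last good backup (previous) with the files queued for the
    next run (current); both map path -> bytes. Returns (halt, counts)."""
    rewritten = renamed = 0
    for path, old in previous.items():
        new = current.get(path)
        if new is not None:
            # Trait 1: contents changed from ordinary data to near-random bytes.
            if new != old and entropy(new) >= entropy_floor > entropy(old):
                rewritten += 1
        else:
            # Trait 2: file vanished under its old name and reappeared with a
            # swapped or appended extension (report.txt -> report.txt.locked).
            stem = os.path.splitext(path)[0]
            if any(p.startswith(path + ".") or os.path.splitext(p)[0] == stem
                   for p in current):
                renamed += 1
    halt = bool(previous) and (rewritten + renamed) / len(previous) >= max_fraction
    return halt, {"rewritten": rewritten, "renamed": renamed}

def _noise(seed: str, blocks: int = 128) -> bytes:
    """Constructed stand-in for encrypted content (deterministic, 4 KiB)."""
    return b"".join(hashlib.sha256(f"{seed}{i}".encode()).digest()
                    for i in range(blocks))

# Constructed sample data: ten plain-text files in the last good backup.
BASELINE = {f"share/invoice{i}.txt": b"Invoice total: 1200 USD\n" * 40
            for i in range(10)}
# An ordinary day: one file edited by a person.
NORMAL = dict(BASELINE, **{"share/invoice0.txt": b"Invoice total: 1350 USD\n" * 40})
# Mass change: six files encrypted in place, four renamed with a new extension.
ATTACK = {(p if i < 6 else p + ".locked"): _noise(p)
          for i, p in enumerate(BASELINE)}

if __name__ == "__main__":
    for name, snap in (("normal", NORMAL), ("attack", ATTACK)):
        print(name, assess_snapshot(BASELINE, snap))
```

Files that are already compressed (photos, zipped documents) look close to random even when healthy, so the content rule only counts a file whose previous version was ordinary data; the rename rule covers the rest.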
Here are three things you should ask yourself to get into the right mindset:
- Where is your data? Server, workstations, hosted email, cloud storage, laptops, personal machines offsite?
- Is this data backed up? How frequently?
- Are your employees trained to avoid suspicious emails?
Infinity Networking can assist companies to take effective steps to prevent, detect and counter ransomware attacks.
For more information on these preventative measures, including a good email filtering service like Barracuda Cloud Control or Webroot Security Awareness Training, contact Infinity Networking for a FREE TRIAL of these services.