In large companies, there’s usually an IT or cybersecurity department that advises them on what technology and software to install, how to maintain it, and what the best practices are for preventing vulnerability to threats such as cybercrime. However, if you’re a small business, you may not have a dedicated IT department or cybersecurity analyst to take on such a role. In a number of small businesses the proprieter is the resident IT guy (or girl), as well as CEO, treasuser, marketer and so on…
With this in mind, it’s not surprising that cybersecurity operations to prevent such attacks as ransomware commonly get put on the backburner or “later pile”. In today’s world however, this is quite a serious threat to ignore. As such this article outlines some basic steps you can take to reduce the threat posed to your organisation.
In 2016-17 there were 47,000 cybersecurity incidents in Australia. This figure was up 15% from the previous year according to the Australian Federal Government’s Cybersecurity Centre, and it gets even more grim. Cybercrime is expected to continue to rise and predicted to cost in excess of US$6 trillion annualy worldwide (Cybersecurity Ventures, 2017).
It is estimated there will be a ransomware attack on businesses every 14 seconds by the end of 2019, up from every 40 seconds in 2016 (Cybersecurity Ventures, 2019). Ransomware is among the most prevalent cybercrime threats in Australia and generally starts with a spear phishing attack (KnowBe4, 2019). An example of spear phishing is when attackers target a person, generally an unsuspecting employee with a malicious email that when opened or when a link is clicked, allows the attacker to infect the businesses network. This may freeze all operations and render vulnerable devices unusable except for correspondence with the attacker for ransom.
In a recent case, when the owner and manager of a small group of pharmacies in Western Sydney was away on holiday’s, an employee opened an email and clicked an innocent looking link. With that single mouse click, the ransomware was deployed on the company network causing the computers to freeze. Given that this was a pharmacy, company employees couldn’t access medical or pharmaceutical information to determine the needs of their customers, nor could they enter prescription details. In fact, they weren’t even able to access information on medications that emplyees often had to look up to convey accurate information to their customers. Add to this that no electronic payments could be processed, and it is clear that it was a very costly mouse click.
The pharmacist returned from vacation and was met with pandemonium. The only working program (apart from ransomware) was email, and it displayed an ominous message demanding thousands of dollars worth of cryptocurrency to restore all data and systems. The pharmacist called his IT support service for assistance, but sadly their was nothing they could do. Their advice was to pay up and hope the attack does what they say they will.
Ransomware attacks are devastating and can cause severe damage to the finances and reputations of affected businesses. Luckily, there are some steps you can take to protect your business from attacks of this type.
Almost all cyber attacks target out of date software. In the case of the wave of WannaCry ransomware attacks in 2017 that affected computer systems in 150 countries, there had been a fix available before the attack. Microsoft had released a patch for the WannaCry vulnerability weeks earlier.
The positive spin on this is that people who were diligent with their software updates weren’t infected. A good way for businesses to stay on top of this is to configure computers to install software updates as they become available. This can even be enforced for PCs on a domain or Network with a Group Policy Object or Network Access Control.
Antivirus software is invaluable and absolutely necessary for preventing attacks such as ransomware. As long as it is kept up to date, it can detect and prevent known malware from infecting your computers. That being said, don’t start thinking antivirus can stop everything. They are helpful, but not magic. They can prevent malware that matches malware definitions in their databases. To put it simply, it won’t stop what it hasn’t seen before. For this reason, you should do more than just install antivirus software.
This is possibly the best defence specifically for ransomware. Ransomware attacks only work if the target doesn’t properly back up their files. Nobody is going to pay a steep ransom to avoid the minor annoyance of having to restore their systems from recent backups. Thus if you back up your data properly and securely, cybercriminals can’t hold it for ransom effectively.
For security, consider backing up your files on a drive that is not connected to the main business network, or on a secure cloud storage solution. It’s best to have multiple backups in separate locations, to minimize the risk of data loss; even from other threats like hard drive failures and natural disasters.
Under new laws that came into effect in February, the Australian government now requires all businesses with a turnover of over $3 million to report any and all data breaches that would seriously harm people. The notifiable data breach legislation means business businesses can potentially face multi-million dollar fines for failing to report hacking attacks and breaches of private data. Hence, you should read up on the Legislation and have a plan in place for reporting data breaches and attacks.
Be very cautious of any unsolicited emails, popup windows and dubious websites that could potentially carry malware. To manage these risks, you can install a site security rating addon for firefox and an email client that blocks remote content by default. Neither of these tools will be able to help you, however, if you click on a link that you do not trust. Whether it be in an email, a website, just don’t click it, and train your employees to do the same.
Not everyone has the time to become a cybersecurity guru, but you can keep an eye out and pay special attention when you hear about the next cubersecurity threat. Keep an eye on news about cybersecurity threats so that you can avoid being a victim of new attacks and other emerging threats.
While it may be best to avoid a ransomware attack altogether, even well prepared companies can fall prey as cybercriminals develop new attacks and strategies. Inthe event that a cybersecurity incident occurs, a cyber insurance policy can help you mitigate the impact on your business. Cyber insurance can cover the loss of profit due to a cyber incident and the costs associated with recovering. Not only can it reimburse you for the payment of a ransom or costs of negotiating with those making an extortion threat – it can also cover the financial consequences of losing a customer, employee or commercially sensitive data (such as that required to be reported under the Federal Government’s new NDB scheme).