Ransomware Doesn’t Stop with a Payment
If you think paying off a ransom demand to get back files is the end of your experience, you’re wrong. Getting to cough up a few bucks…well, Bitcoin…is just the start. Ransomware pirates are finding ways besides email to get access to your computer and all of your data – and they’re looking for long-term relationships, too. One tech columnist has sardonically suggested they need good customer service plans. You need a good protection plan.
Let’s start with some basics, which we’ve discussed many times before:
- Be extremely careful about clicking on links in an email, even if it looks like it comes from someone or an organization you know and trust.
- Personal email addresses get stolen and spoofed all the time.
- It’s very easy for someone to recreate a corporate look – such as for your bank – that looks realistic at first glance. (Seriously, does your bank use a Hotmail account?)
- Install and use anti-virus and anti-malware protection. Make sure update it, and make sure you update it from a legitimate site (see above).
- Install all updates from application software provider (but make sure it’s legit). Most patches and updates cover security issues.
- Back up your data files to an off-site server or, better yet, store them in the cloud. For an extra precaution, you can store files to portable hard drives, and keep them disconnected when you’re not backing up data.
One of the problems with storing data on a laptop computer, which many people do, is that when it’s stolen, your data can be accessed before any kind of Internet-based program kicks in to wipe your drive clean. All somebody needs to do it remove your hard drive and hook it up to a computer to see what’s on there.
If you have covered all the basics, you now face some new concerns, especially if you store confidential personal, financial or medical information as part of your business. You face additional risks because there is no way for you to control the security steps your customers or clients take. If they leave vulnerabilities, a hacker can use one person’s log-in credentials to see a lot more data than would ever care to expose.
You can protect your business and data in a number of ways – in addition to the steps listed above:
- Insist visitors to your website use newer versions of all browsers. As browsers age, publishers stop supporting them. You don’t want to expose yourself to their vulnerabilities.
- Encrypt your data and your emails. If you do a lot of email marketing or communicate confidential information, this is a no-brainer. Email services, such as Constant Contact, which we use, build in a number of security measures. Spend the money to take advantage of them; it’s cheaper than taking a financial hit (see below).
- Check with your insurance agent or carrier to see if E&O covers you for cybersecurity breaches. It may be an extra cost, but remember that insurance companies like to collect premiums, not pay claims. They are motivated to minimize your risk and should work with you.
The back story on these tips starts with a client who has two offices. In the “main” office, nobody uses the Internet. But in the other office, people used a remote desktop to access the system in the main office, and the security was weak. The link was not secure, and the passwords were simple. I was able to hack in using an iPad that still had a SIM card from another country, and the client could not detect that I was in there.
That should be a wake-up call for every small business to install and maintain security systems throughout their information management system. Ransomware pirates are getting more sophisticated in ways they can get into your systems and stay there – which brings up the “customer service” observation from Glenn Fleishman in PC World. Our point is not to scare anyone away from technology. Every advance – from the bicycle to space travel – has a risk-reward component, and we all know the rewards are great when we follow the proper precautions.
We’d like to leave you with three steps to take right now:
- Encrypt all data
- Never send passwords in an open email
- Look before you click – disguises are getting better and more numerous
Sterling Rose can help you design, install and maintain a cybersecurity program. Contact us by phone – 973-433-6676 – or email us to make an appointment to discuss your needs.