On May 12, 2017 the “WannaCry” ransomware attack began and was soon making headlines around the world. It exploited a vulnerability in Microsoft Windows, then encrypted the hard drives of infected PCs and demanded $300 to release the files. The attack infected over 300,000 computers in 150 countries, including telephone utilities, a railway, the British National Health System, FedEx, and the Russian Interior Ministry.
Here are four security tips to get you started—join us on [insert date] to learn much more!
Tip 1. Don’t assume you are safe.
Many individuals—and perhaps even some small businesses—assume that if they store no personal or financial information on a PC, there is little vulnerability if that PC is hacked. Nothing could be further from the truth. Cybersecurity expert Brian Krebs put together an informative graphic to demonstrate the many ways criminals can extract value from a hacked machine, including:
• Storing illegal information, hosting malware, or launching spam attacks as a web server
• Use as a bot in a network of other hacked PCs to further a denial-of-service or spam attack
• Reputation hijacking by accessing your or your business’s social media accounts
• Hostage situations like ransomware on a computer’s files or an email account
• Email attacks that might access corporate email and harvest contacts to use in phishing attacks
• And more!
Tip 2. Escape and evade by having a plan.
An ounce of IT security prevention is worth many pounds of cure. Create a data security plan that makes good sense for your business.
If you don’t have enough resources in-house, partner with a provider that stays on top of all the latest anti-virus, firewall, and back-up technology, as well as threat assessments.
Not having a proactive IT security plan can cost your business much more than a ransom. Ransomware can cover up other, more costly thefts of customer or financial information. Becoming the victim of a data breach can unnerve your customers, resulting in costly customer churn.
Tip 3. Don’t get hooked by email.
In a “phishing” attack, you receive a baited email that appears to be from a person or business you know. It contains a link that takes you to a fake website, which attempts to fool you into entering your email password or your financial or identity credentials. Clunky phishing attempts can be spotted if you look carefully. The email may look hokey or even contain misspellings or uncommon phrasing.
A greater email danger is malware inside emails, particularly the kind that quickly exploits your entire contact list (the global email registry in many businesses). These attacks are becoming more sophisticated; online criminals are cruising social media accounts like Facebook to see the connections between you and those closest to you.
It can take only one employee falling for an email scam to wreak havoc across your organization. Good email virus scanning and filtering is critical for all organizations.
Tip 4. Never negotiate with pirates (back up your data)!
There is a cost associated with every minute that your business is knocked offline by ransomware. It can be very tempting to pay the ransom, especially for small business owners who may lack the resources to properly combat the problem. A study by Symantec found that 64% of end-users pay the ransom.
Having the right data back-up policies means that you don’t have to pay internet extortionists. Having a reliable backup and recovery system is step one in preparing to defeat a ransomware attack. You’ll want day-to-day backups and longer-term offline storage that could not be corrupted by an attack. Monitor the status of backups and routinely test the restore process and backup files.
Protect your company from attacks. Call us today to schedule a discussion of your IT needs.