By Jason Ryals, Chief Technology Officer at Speros
In the wake of another hospital falling victim to a ransomware attack, it is more important than ever to be vigilant when online. Ransomware is a type of malware that encrypts your company’s data so you can’t access it, and holds it hostage.
The encryption process doesn’t happen instantly, so you may not know your system is infected for a week or more. Once your system has been taken over, you will get a notice when you try to access your data that demands you pay a ransom in order to get it back.
Prevent Data Compromises
Ransoms can be anywhere from a couple hundred, to tens of thousands of dollars. The Cyber Threat Alliance estimates a total of $18 million in damages from CryptoWall Version 4. By paying the ransom, you are in no way guaranteed to get your data back. We’re talking about cybercriminals after all. The good news is there are measures you can take to protect your company data from being held hostage.
Back up Your Data
Regularly backing up your data is an important security measure to take in general. In the event ransomware takes over your system, a backup is the only way to recover your data without paying the ransom. In this day and age there is no excuse for not backing up your data. Programs exist to help back up your personal data to the internet, and a good IT company has the capability to create regular backups of your entire server, and store them in a secure, offsite location.
Keep Your Software Current
The most common way people become infected with ransomware is by downloading what appears to be an Adobe Flash or Javascript update. Googling for software updates should never be done. Always download software updates directly from the manufacturer’s website, or enable automatic updates within the program itself. This isn’t fool-proof, however, so when in doubt, consult your managed services provider. They should be handling your system updates for you.
Avoid Phishing Scams
Phishing is a malicious attempt to get access to your personal information or company data by appearing to be a reputable source. Emails can be sent under the guise of a person or business you are familiar with. These emails will ask you to click on a link and input personal information, or download a file onto your computer. Red flags that the email is not legitimate are attachments or links that end in ‘.exe’, ‘.vbs’, and ‘.src’, or receiving an encrypted fax in an email.
Follow Safe Browsing Practices
Keep your browser up-to-date. Whether you use Safari, Chrome, Firefox, or Internet Explorer, if you receive a prompt to update, do so. Browsers are updated to protect you against security vulnerabilities. Also, enable the built-in security features in your browser settings to warn you about websites or images that appear to be malicious in nature.
Do Not Use Unknown Devices
Believe it, or not, people have infected their systems with malware by plugging devices, such as USB drives, they have found into their computers. USB drives are pretty common place, and provide an easy way to share documents with colleagues. But, as we were taught as kids not to take candy from a stranger, if you don’t know where the drive came from, do not plug it into your computer.
Ransomware attacks are becoming more common, with more variants of this type of malware cropping up all the time. By staying informed, setting best practice guidelines for web and email usage in your business, and working closely with your IT company, you can prevent your data from becoming compromised.
Jason Ryals is the Chief Technology Officer at Speros. Ryals’ certifications include VMware Data Center, ADTRAN Technical Support Professional, SonicWALL CSSA&CSSP, Microsoft Certified Enterprise Administrator, Linux & A-plus, Cisco, and IBM AIX Unix based server systems. He has in-depth knowledge on troubleshooting Local Area Networks and Wide Area Networks, routing, VMware and complex software designed data centers, and SD-WAN solutions. For more information, visit http://www.speros.com, call 912-354-8900 or email info@speros.com.