For the last ten years, we have been fighting an organizational scourge that threatens all levels of the SMB marketplace. This problem is ransomware, is a malicious file distribution system targeting users of email by tricking them into installing malware. Once the program establishes itself, it will find all shared files that the user has permissions to view and encrypts them, so they are no longer accessible. For critical business files, this can be a disaster. Without a recent backup of the data, data is lost unless the organization agrees to pay the ransom. The most significant problem here is it empowers the attacker and provides funding for them to expand their operation to target other companies.
Why is this system so pervasive and why does your organization need to pay attention?
For starters, no matter the size of your company you are a target. Every business that contacted us for support after the attack didn’t think that they would they would be victims of a cyber attack. They felt their company size or obscurity would protect them from having to deal with a situation like this.
Some of the things to consider when reviewing network security would be:
Email security – a front-end cloud-based application that checks emails for malicious links and files and removes them before the end-user receives the email. This affordable service is a nominal monthly fee based on a per-mailbox pricing structure.
Test employees with an ethical phishing campaign and provides training to help them spot and stop these attacks at the source. Ethical phishing programs create “human firewalls” out of your employees and are both incredibly effective and cost-efficient.
Upgrade firewalls and maintain subscription updates. Updates will provide a high level of security as new threats are added continuously to firewalls via updates to protect organizations at the entry point to the network. Malicious websites and files are blocked at the network level with little to no intervention from IT support.
Review and update your backup plans! Too frequently cheap solutions to backup or no backup plan at all leave you wholly exposed in more ways than one.
Try shutting your server down for one day, hypothetically of course, and try to understand what it would cost your organization. Consider employee time for non-productive paid hours, customer service issues it might cause, credits or rebates for services not rendered that day, and any impact that might have on sales or moving forward. If you have more than a few thousand dollars in mind at this point, your backup plan needs an overhaul. With virtual servers and constant snapshots of your environment you can overcome almost any challenge and keep your organization running no matter what. Now consider that you can spend less to backup for the year than it costs to recover from a day or two without being productive.
It’s a difficult thing to say, and tougher for organizations to hear, but it is the time that all business’ large and small start to take the threat landscape seriously and protect themselves. With mass involvement, organizations can create a “herd” protection system, not unlike vaccinations where the fewer the targets there are, the less malicious hackers can profit from these extortionist schemes, and we should start to move towards a network landscape free from attempts like these.