An article by: Evan Leonard, President, CHIPS Technology Group
Traditional thinking is that you could install a firewall, have
complex passwords and you were safe from cybercrime. Not anymore, because the most vulnerable part
of your business and network, are your employees. The criminals are getting smarter, they know
we are inundated with hundreds of emails and way too much busy work. We have programmed our brains to just click
on anything. even if it looks out of place.
That type of behavior will shut down your business and you risk losing
clients and money.
The viruses that are unleased onto your network encrypt
files the user has access to whether on their local desktop or your corporate network. The only way to recover these files is to
restore from backup which could take hours or days depending on your software, hardware,
process and how much data we are talking about.
Otherwise you may have no choice but to deal with the unpleasant
experience of paying a ransom. If you
pay the ransom, the criminals will provide you with a private key to unencrypt
the files. The tricky part of paying
ransom is you have to pay it in Bitcoin
– criminals want the transaction to be un-traceable. Do you know how to get ahold of Bitcoin and
know what it is worth? By the way, you better hurry as the price increases the
longer you take, and the key often has a time bomb. When the time expires, the files are locked
forever. This form of payment is
crypto-currency and can take a week or more to fund if you don’t already have
some at your disposal.
This happens to businesses almost every day and in fact happened
to a large hospital in Los Angeles just a few weeks ago. The ransom was in the amount of 9,000 bitcoin
or almost $3.7 million. The hospital
lost access to all their files, they didn’t have adequate backups. Patient care was compromised for a week, and
new emergency patients had to be routed to other hospitals because their
systems were down. http://www.cnbc.com/2016/02/16/the-hospital-held-hostage-by-hackers.html
The best method of protecting your data is education. The criminals are getting very creative and
preying on the naiveté of employees. These
emails come as something that looks benign - especially when they are not
expected. They might have something in
the subject or body that looks to be a legitimate email.
All employees need to understand what they are clicking on
and that can be accomplished through training videos or classes. All companies need to take these attacks more
seriously before they become a victim.
The FBI has been inundated with these types of crimes and is essentially
helpless. Most of these attacks are from
people living in other countries.
In order to minimize your chances, there are some additional
measures you can take. Some of these
actions might be inconvenient so the risk verse convenience decisions will have
to be weighed. Your security defenses
can tighten up such as your firewall or you can limit employees access to shares
on the network. Your firewall and
content filters can block potentially bad files. They will also block expected files so these
file will need to be released manually by a network administrator. It is imperative to understand what your
users have access to and that it is not more than they need. Another measure is making sure your server’s
security patches are up to date.