Every year, thousands of businesses fall victim to online security breaches, and this number is on the rise. One of the most devastating cyber threats is ransomware, a malicious program that either locks a user out of their system or encrypts their files until they pay a ransom, usually via Bitcoin. While the ransom amounts themselves can be very expensive, often the most costly aspect of the attack is the revenue lost while trying to regain access to important data. The most glaring example of this in recent memory is the Baltimore ransomware attack in May, in which, according to reports from NPR, the city experienced a staggering $18 million in lost revenue while trying to recover data.
Why don’t I just pay the ransom?
You might be wondering, if I am going to lose so much money trying to recover my data, why don’t I just pay the ransom? It must be less than how much I could potentially lose in the long run, right? Well, that might sound like a good idea, but you have to remember that you are dealing with criminals here. They don’t necessarily pride themselves on their strict moral values, so even if you pay the ransom, they may not release your data. In fact, now that they know you’ll pay, they may even try to exploit you for more money. You are entirely at their mercy. This is why most professionals agree that if you are the victim of an attack, you should not pay the ransom. To avoid a situation such as this, businesses can take several steps to safeguard against experiencing a threat in the first place.
Make sure you are up to date
One of the simplest, yet most effective tactics to employ is to make sure that your OS and other software are fully up to date. Ransomware is constantly evolving and adapting, much like an actual virus. Updates to software typically fix weaknesses found in previous versions and block the viruses that were exploiting them, much like a vaccine. Think about how each year a new and updated version of the flu vaccine becomes available to protect us from the current strain of the virus, which evolves every year. It’s the same concept when it comes to protecting your computer.
Maintaining vigilant and safe internet practices
Another way that businesses can avoid coming face to face with a ransom is by maintaining vigilant and safe internet practices. If you’re interested, then you can refer to our article on the dangers of phishing here, in which we go into this in a little more detail. Being careful what you click on, using firewalls, and having strong antivirus software installed on your systems are just a few steps that you can take to protect yourself from phishing scams that may be carrying ransomware. You can also ensure that your system is not configured to automatically run macros when an email attachment is opened. Malicious files may be hiding inside email attachments, but many can only be released when the user agrees to enable macros. Recently, hackers have been sending around a macro-enabled Excel spreadsheet that runs PowerShell, which then downloads the ransomware onto your device. It’s clear that hackers continue to get more and more creative when it comes to their phishing scams, which illuminates just how important it is to thoroughly train your employees in cyber safety.
Backups and disaster recovery
As mentioned earlier, ransomware authors are always tweaking their programs, trying to slip through the cracks of even a well-guarded system. What if, despite all of the steps that you take to protect yourself, ransomware still finds its way onto your computers? This is where your best line of defense comes into play: backups and disaster recovery. Backups provide businesses with the ultimate insurance policy because they allow essential data to be saved and stored in multiple, different locations, completely separate from your system. Therefore, if the data on your system is compromised by ransomware, you can always restore it using your most recent clean backup, rendering the hacker’s threat obsolete. This, paired with an effective data restore procedure, can keep your business running as smoothly as possible in spite of the ransomware attack.
Health care providers are often even more likely to be targeted than the average business, because of the nature of the work that they do. Why? Health care providers have a lot of sensitive data, which also happens to be governed by privacy regulations. This makes them a perfect target, because there is so much at risk when it comes to patient privacy. While all health care providers are required to comply with HIPAA regulations, The HIPAA Journal recommends that healthcare organizations view HIPAA compliance as merely a strong starting point for their cyber security. Being truly secure requires professionals to take extra steps to ensure the safety of their systems, and therefore, the people that they care for.
Be prepared and take the proper steps
The digital age affords us benefits that would have been impossible only twenty years ago. We can store all of our information digitally, process payments online, or even work remotely from halfway around the world. However, these benefits come with their own set of online dangers and responsibilities. Threats such as ransomware may be lurking right around the corner, but they don’t have to be scary as long as you are prepared. If you take the proper steps to make sure that you and your business are secured against these risks, then you are already one step ahead of the criminals that are hoping you stay in the dark.
If you are looking for Website Data Security in Portland or more info on ransomware and your business, please contact ComputerHABITS today!