Will Rogers, Director of Government Affairs, willr@ineda.com
You may have seen headlines in the news recently regarding a ransomware attack involving an oil and gas company on the East Coast. It was another story on a long list of companies and individuals that have fallen victim to a malicious class of criminals that no longer put a gun to your head. Rather, these attackers use malware to steal your valuable business information, encrypt your files, and hold them hostage for ransom. And when a victim pays the ransom to get their files back, the cost can range from a few hundred dollars into the millions.
These attacks are widespread and pervasive, and for now there doesn’t seem to be anything the federal government can do to stop these marauders from targeting businesses. In the past 12 months, the estimated number of ransomware attacks in the United States was 65,000, including hundreds of businesses and organizations in Iowa and Nebraska. And as more businesses pay to have their files unlocked or to avoid embarrassment for not having better security in place, the problem will only get worse.
If you haven’t yet been a victim of a ransomware attack, you likely are taking the threat seriously or you may just be lucky. Here are some suggestions for addressing and being proactive about the threat of ransomware:
Take the problem seriously
We are all busy, but ignoring the threat of ransomware and other cybercrimes will not make them go away and certainly doesn’t prevent a future crime from happening.
Understand that everyone is a target
Attackers don’t care what you do or why you do it. They are going after anyone that can pay the ransom including churches, schools, hospitals, energy companies, small businesses, and big corporations. Even equipment dealers have been the victims of ransomware attacks. Never assume that it won’t happen to you.
Assign one of your staff to take the lead on protecting your company
Perhaps you’re a large enough organization to hire a full-time employee to work on this issue, but the majority of members will likely need to assign the responsibility to an employee as part of their other job duties. It might be a younger team member who has a strong background dealing with computers, the internet, and/or information technology. Or you might ask an employee who has an interest in technology and wants to learn a new skill.
Train your employees to view all email with suspicion
Phishing emails are the preferred method of cybercriminals to get inside your network and steal your data. Using social engineering practices, cybercriminals can trick your employees into clicking on embedded links or email attachments that download malicious software. Make sure your employees know what to look for and regularly test their awareness of phishing scams.
Don’t be afraid to get professional help
There are dozens of service providers that can help with prevention or help when your business has fallen victim to an attack.
Routinely back up and secure your business information. And make sure to install security updates as soon as they become available.
Isolate your most sensitive data and critical computers so that they are not connected to a network or the internet
Don’t try to cover it up
If you have a security breach that exposes your employees’ and customers’ sensitive information, make sure to let them know. You may even be legally required to notify your customers and employees, and the loss of trust can be even worse. Know that most people will forgive you and they will understand the challenges regarding cybercriminals. And reassure your customers and employees that you will do better in the future.
Have insurance coverage for cybercrimes
Think of insurance as your final backstop. If you become a victim of ransomware, you will still feel some pain. Insurance coverage will help lessen it to a certain degree and hopefully make your recovery time quicker.
The future may bring better solutions for dealing with the threat of ransomware, but until then, you can follow these steps and greatly reduce your exposure to an attack.
For more information, contact Will Rogers at (800) 622-0016 or willr@ineda.com.