The U.S. Department of Justice stated that “More than 4,000 ransomware attacks have occurred daily since January 1, 2016. This is a 300 percent increase over the approximately 1,000 attacks per day seen in 2015.”
Essentially, no particular user, company or business sector is safe. Although the Healthcare and Retail industries are targeted for their volume and value of data, home computers may also fall victim to ransomware.
As I’ve stated in previous blog posts, ransomware or cyber breach events may lead to loss of confidential information and client files, loss of employee information, extortion costs, third-party IT forensic fees, legal costs, and reputation/brand damage. There is no better time than now to implement a strategic plan to protect your company and avoid becoming a statistic.
Here are a few things we know about ransomware:
- Ransomware “locks” your files through encryption and displays a notice that you must pay a fee to the hacker to obtain the key to unlock the files. The encryption is extremely difficult to crack otherwise.
- The encryption software usually infects computers through a contaminated email message or attachment. Websites or web links programmed with malicious code may also install the ransomware.
- Ransomware extortion fees are generally paid in Bitcoin, an electronic currency that is difficult to track. Bitcoin and advances in encryption software “might” be the reason ransomware is currently so popular.
The best defense against ransomware is to take a proactive approach to reduce the risk of an event altogether.
- Employee Training — Implement an awareness training program for yourself and your employees to learn to spot phishing scams, spam mail, and fake webpages.
- Data Backups — Have a consistent, reliable system backup in place. If you decide against paying the extortion fee to unlock files, recovering from backups may be necessary.
- Spam Filtering — Ensure your spam filter and mail protection software or service is up to the task.
- Security Updates — Patch servers, computer systems, anti-virus software and mobile devices on a scheduled basis.
- Role-Based Access — Limit user access to shared drives, files and folders on an “as needed” basis.
- Develop Written Documentation — Having a comprehensive Business Continuity Plan, Disaster Recovery Plan, and an Incident Management Plan can save your business when faced with a cyber security event.
- Penetration Testing — Conduct annual (or more frequent) tests to hack your own network and discover vulnerabilities in your security.
- Consider Cyber Liability Insurance — If an event does occur, the costs to remediate and recover may be significant. Many of the costs related to a cyber breach can be recovered or mitigated through a carefully constructed insurance program (which includes a stand-alone cyber liability policy).
Keep in mind that even the most stalwart defenses can be breached (as we’ve seen countless times over the last few years), so being prepared to take action should you be infected with ransomware is also a critical component of the proactive plan. Check back next week for Part 2 of this post where I’ll discuss what to do if ransomware does lock down your files.