Email Christina Meek
Email Jenny Fish
Newsroom HomeBlogsStoriesSoundtrack ProjectNewsroom ArchivesChamber Home Page

Your Business Isn't Prepared to Survive Ransomware: Here's Why


luca-bravo-217276.jpg

Many business owners do not equate the threat of cybercrime with going out of business. Even if they acknowledge the threats, they are not acting as if it is a matter of utmost importance. This is especially true for small to midsize businesses (SMBs). The U.S. Securities and Exchange Commission (SEC) estimates that half of the small businesses that suffer a cyberattack go out of business within six months.

One of the greatest cyberattack risks to businesses today is Ransomware. For the uninitiated, Ransomware is a type of malware that encrypts your files and demands you pay a ransom, typically in Bitcoin, to regain access. There has been a marked increase in Ransomware attacks against businesses – and the ransoms that cybercriminals are demanding have grown larger. Ransomware netted a billion dollars in 2016, and experts suggest it will surpass that this year – not including losses due to stalled productivity.

You may be thinking, “This really isn’t a big deal. We’ve already been hit with Ransomware on one or two computers. We didn’t pay the ransom; we just reformatted the machines, and went about our merry way.” 

But, the cyber landscape is changing rapidly and recent variants of Ransomware are now attempting to land and expand from the initial victim’s computer to the entire network. In an exhaustive whitepaper entitled Ransomware: Past, Present, and Future, Cisco’s TALOS group warned that advanced Ransomware will, “pivot deeper into the target network, looking for credentials to escalate their privileges. The ultimate goal for this stage of invasion is to locate and destroy networked backups before mass-distributing Ransomware to as many systems on the network as they are able to access.” In other words, we are now facing a future in which RansomWorms will take over your entire network and demand a massive ransom in order to return your business back to its rightful owner.

Here are three behaviors business owners exhibit that ensure they are at the highest risk for cyber disaster:

1. Not Utilizing or Testing an Off-Site Backup
It sounds ridiculous, but this is the approach that some businesses have taken when it comes to data backups. From no data backup at all to tape backups that are stored in the same location as the server, businesses are gambling with their future. 

The Locky Ransomware variant seeks out files and folders labeled “Backup” and deletes them. It’s not enough to have off-site data backups; you need to test restoring your data backups to ensure that the integrity and availability of the data is preserved. Remember, just because you have data backups doesn’t mean that Ransomware recovery will be painless. There can be multiple days of down time for your users that are affected by Ransomware.

And while we are on the subject of data backups, it doesn’t do much good to have tested, off-site backups of your important files if you, or your employees, are still saving data to local hard drives. A Ransomware attack will encrypt files stored on the victim’s PC and, if you don’t pay the ransom, will be lost forever. 

2. Trusting Every Email and Link
People are generally trustworthy, right? If you receive an email that looks like it’s from your bank, a vendor, or client shouldn’t it be safe to open? Why would anyone take the time to mock up an email to fool you? Who has that kind of time and energy? Turns out, there is a lot of money to be made by sending out fake emails to you and your employees. 

It’s not just Ransomware that bloats the bank accounts of cyber criminals. Business Email Compromise (BEC) has cost businesses over 2 billion dollars since 2013. BEC, also known as the CEO scam, is effective because scammers send an email to the CFO, which appears to be coming from the CEO, asking for a wire transfer. This same approach can be used to trick you into thinking that the IT department is emailing you asking for your login credentials. 

The key to avoid falling for cyber criminals’ traps is: think before you click. If you are not expecting the email, don’t click on links or open attachments. Ensure that wire transfers require a two-step process, NOT just an email request. Also, no legitimate entity will ever ask you for your password via email.

3. Failing to Provide Security Awareness Training to All Employees
No doubt, you’ve made a considerable investment in your technology infrastructure:  anti-virus, SPAM filtering, web filtering, next generation firewalls, and so on and so forth. But, if you are like most business owners, you have not prepared your human firewall.

Your employees are either your last line of defense or your weakest link. Time and again we’ve observed companies that have extensive physical and logical security established, only to have their human firewall fail with the click of a malicious link containing Ransomware. 

Our tests found that, on average, 18% of employees will click on potentially malicious email links and attachments. You only need one employee to click on one malicious email to expose your network to Ransomware. 

 
No one wants to lose their business due to cybercrime - but doing nothing is not a strategy. Invest in and test a reliable backup solution. Be vigilant when it comes to email attachments and links. Provide routine security awareness training to your employees. These three, simple but powerful, things could save your business from Ransomware.




ProTech Systems Group is a Memphis-based talent and technology solutions company that has provided service to businesses for 25 years. They offer outsourced technology solutions, talent placement and IT management services, all designed to offer expertise with personalized customer service. ProTech serves as the official technology partner for the Greater Memphis Chamber and part of the Chamber's Affinity Program - Chamber members can receive free IT assessments from ProTech's engineering team. Click here to learn more!
Posted: 5/17/2017 3:19:02 PM | with 0 comments
Filed under: CyberSecurity, ProTech



Comments
Blog post currently doesn't have any comments.
Leave comment Subscribe



Is six = two ? (true/false)

THE M BLOG
The latest news from the Greater Memphis Chamber. For more information, contact Director of Communications Christina Meek at (901) 543-3504 (cmeek@memphischamber.com) or Communications Specialist Jenny C. Fish at (901) 543-3558 (jfish@memphischamber.com).

 

Syndication

RSS