Simple Steps

CoreRecon offers five tips for protecting your business against ransomware attacks.

By: John Martinez

Every day as I look out my office window at the beautiful water gleaming across the Corpus Christi Bay, I glance at my computer screen to see that I get emails that fill up my inbox asking me questions concerning ransomware attacks, which is also known as the “CryptoWall” virus. So here are my thoughts on this so-called hijacking virus. (I hope you’re sitting down for this.)

Many security experts and law enforcement agencies predict that cyber crime will become a serious threat to small businesses and health care over the next few years. Large corporations and health care facilities may be more attractive targets in terms of financial resources, but they usually have better Internet security than smaller companies. However, use of “ransomware” in cyber attacks is something every business owner must be aware of and protect against.

Ransomware is a form of computer virus that encrypts the victim’s files and data. Cyber criminals demand fees to release files they have made inaccessible, and refusal to comply can have serious consequences. Surveys indicate that ransomware incidents increased by as much as 500 percent between 2013 and 2015. Attacks come in various forms, with emails and fake software updates being particularly common. Small businesses are a popular target for cyber criminals; following these steps can help reduce the risks of becoming a victim.

1. Educate staff about the risks.
All staff who use IT equipment or access the Internet must understand the potential risks of ransomware. The company can help reduce those risks by offering basic information and training on the hazards of opening email attachments and visiting potentially harmful websites. Allowing staff to use company IT equipment to access social media accounts and private emails can open the door to cyber criminals.

2. Back up data regularly.
All modern businesses rely on data and information, and it’s essential to back this up as regularly as possible. If the worst happens and systems are infected with ransomware, recovery is far easier if you have a daily backup process. Backing up to external hard drives or independent Cloud storage systems is a proven method of mitigating cyber crime.

3. Install software protections.
The value of firewall and antivirus software should never be underestimated. As the name suggests, a firewall acts as a barrier between your IT equipment and the outside world. It filters the data being sent and received, and blocks anything that breaches pre-defined rules. Antivirus software safeguards computers from malware, viruses and other malicious programs. It’s important that software protections are updated regularly, as cyber criminals are constantly developing ways to bypass and defeat them.

4. Plan for an attack.
A business has a far better chance of recovering from a ransomware incident if plans are in place to deal with such attacks. Customers may have to be advised if the business can’t fulfill orders, and expert help may be needed to remove malicious code from systems. A plan and contact details should be printed and stored in a secure location rather than kept in digital form.

5. Arrange cyber insurance.
Insurance against cyber crime has been available for some years now, but few businesses have seen the need to buy cover. It’s increasingly likely that financial losses will result from hacking or some other form of cyber attack rather than a break-in, so all businesses should consider this form of insurance. A good policy can cover the costs of investigation and remediation of a range of crimes, including data theft and extortion.

Ransomware attacks can be devastating for a small business, but simple steps can dramatically reduce the threat. Business owners and employees must understand the risks of using the Internet and take reasonable precautions to avoid cyber crime.

John Martinez is the CEO of CoreRecon. For more information, call 800-955-2596 or visit www.corerecon.com.

Photo courtesy of CoreRecon

Posted in Uncategorized