02 FEBRUARY 2017
Ransomware – not just for big businesses
Cyber-attacks made the mainstream news in 2016 with the Yahoo breach, the DDoS attack that affected sites including Netflix and the hacks during the USA election cycle. Already in 2017 we've seen a massive ransomware attack (WannaCry) that has affected organisations globally.
These types of attacks are no longer only a problem for big businesses, with Barclays reporting that 48% of SMEs were victims of a breach in 2015. The data held by SMEs is valuable to cyber criminals, and ransomware attacks are on the rise among smaller businesses.
What is a ransomware attack?
Ransomware is a type of malware that encrypts the files on a device or network and demands money (usually bitcoins) to unlock the data.
Why are cyber criminals attacking small and medium businesses?
The more business is done online, the more data businesses store. Whether it’s an accountant or lawyer, a small retailer, a tradesman or building firm, all of these groups will store information on their PCs or on systems connected to the internet. Client contact details, financial information and sensitive legal or health information are all stored in CRM systems, in the cloud and in emails.
How to avoid ransomware attacks and deal with the consequences - actionable tips for SMBs
Prevent
- Back up your data - preferably you’ll have an offline backup, and you can use remote data backup too
- Don’t leave your data backup connected to a computer - if you back up to a USB or hard drive, disconnect it from the PC
- Limit administrative rights to only those who need them
- Use antivirus software to protect your systems from ransomware attacks - but note that antivirus doesn't prevent 100% of attacks
- Keep your software up to date. We know that updating your software can be a bit of a nightmare, but new releases often include protection against new forms of attack that you would be vulnerable to without the update
- Use the “show file extensions” function in your computer’s settings to spot malicious file types (.exe, .vbs, .scr, for example)
- Educate your users to spot dodgy attachments and links and not to open attachments from someone they don’t know. This includes texts as well as emails
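Why the “show file extensions” tip matters, as an added example that is not part of the original article: with extensions hidden, a file called invoice.pdf.exe is displayed as invoice.pdf. The Python sketch below flags such names; the file names, the decoy list and the function names are constructed for illustration, and the hidden-extension display is a simplified model.

```python
from pathlib import PureWindowsPath

# Extensions the tip above gives as examples of malicious file types.
RISKY_EXTENSIONS = {".exe", ".vbs", ".scr"}
# Assumption: document/image extensions often placed before the real one as a decoy.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

# Constructed sample attachment names, not taken from any real incident.
SAMPLE = ["invoice.pdf.exe", "Report 2017.docx", "holiday.jpg.scr",
          "setup.exe", "notes.txt"]


def name_with_extensions_hidden(filename):
    """Simplified model of what the user sees when extensions are hidden:
    only the final extension is dropped, so a decoy extension stays visible."""
    return PureWindowsPath(filename.strip()).stem


def classify(filename):
    """Return 'masquerading', 'risky' or 'not flagged' for one file name."""
    suffixes = [s.lower() for s in PureWindowsPath(filename.strip()).suffixes]
    if not suffixes or suffixes[-1] not in RISKY_EXTENSIONS:
        return "not flagged"
    # A harmless-looking extension right before the real one is the disguise
    # that hidden extensions make invisible.
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTENSIONS:
        return "masquerading"
    return "risky"


def review(filenames):
    """List (name as displayed with extensions hidden, real name, verdict)
    for every flagged file, in input order."""
    flagged = []
    for name in filenames:
        verdict = classify(name)
        if verdict != "not flagged":
            flagged.append((name_with_extensions_hidden(name), name, verdict))
    return flagged


if __name__ == "__main__":
    for shown, real, verdict in review(SAMPLE):
        print(f"shown as {shown!r:16} real name {real!r:20} -> {verdict}")
```

A file that is not flagged here is not thereby safe; the check only covers the three extensions the tip names.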
Damage Control
- If you do spot a rogue process, disconnect the machine immediately from the network and internet to stop an infection from spreading
- Appoint someone within your organisation or an IT support company to take charge of preventing and managing malicious attacks
- Have a plan in place that details how attacks should be identified, dealt with and then reported
Ransomware can cost businesses thousands of pounds, but the ramifications extend much further than just paying the cyber criminals to release the data.
The Information Commissioner's Office (ICO) is responsible for enforcing the Data Protection Act (DPA) in the UK and has a range of reform and punishment options at its disposal. It can currently issue fines of up to £500,000 to companies and even prosecute those who commit criminal offences under the Act. Damage to your reputation, loss of customers and decreased productivity also affect businesses that are breached. The National Cyber Security Alliance reports that as many as 60% of businesses that suffer a cyber attack go out of business within 6 months.
PCM offer remote data backup and antivirus solutions for businesses across the North of England. Contact the team for more information.