How Big of a Problem is it?
According to Cyber Security Ventures, Ransomware attacks have grown from a global economic loss in 2015 of $325 million to an estimation of over $20 Billion by 2021. To understand how often Ransomware is used, know that in 2019 alone, every 14 seconds ransomware claimed a victim. Just recently Garmin admitted that the 4 day outage they suffered from was due to Ransomware attack. Small organizations are targeted as well. Just earlier this month, for example, the Cooke County Texas Sheriff’s Office was hit by ransomware. In short, ransomware is rampant today and a threat to all organizations no matter the size.
Why is Ransomware so popular?
Simply put, money. Attackers know organizations will pay them to unlock their computers and data. Its a modern day version of high seas piracy but with lower risk to the pirate since they can attack from anywhere in the world. And because its working, they keep ramping up both the attacks and the cost for them to return access to your own business. How do these attacks happen?
Ransomware (really any Malware/Viruses) are spread in several ways including visiting internet websites, email, and USB thumb drives. Attackers no longer target specific attacks. Instead its a numbers game to them, they know if they attack “X” amount of businesses at once then they will get at least one successful infection. Typically the most prominent way attackers infect businesses is through Email. In fact I’ve seen figures run anywhere from 80% to as high as 91% of all cyber attacks on businesses start with email. Why? Because its an easy, low cost, solution for the bad guys to use. On a side note, even the vendors you trust you have to be careful with. For example back in 2016 the American Dental Association shipped over 37,000 malware infected USB drives to its members. The lesson here is threats can come from anywhere. Even trusted sources.
How do I protect my Business?
The good news is, it’s not expensive. Most of the basic security needs are already built into your Operating System and standard tool sets. Here are a few things you need to do at a minimum:
- Use strong passwords. The longer the better. Remember passwords are the keys to accessing your data. And its proven long passwords are more secure. I recommend you use Pass Phrases, what do I mean by this? Take some random words, put them together, add a couple extra characters in there and boom you got a super easy to remember password that is super strong. For example: Blabber-Visor3-Unrivaled is a great password that is also easy to remember. (Don’t use it though, it’s posted on the internet). I also recommend using a different unique password for every website you use. Better yet, use a password manager (which we provide) then you only have to remember a single password and let it handle the rest. Don’t forget to protect those passwords. You wouldn’t hand out the keys to your house or car, so view passwords just a valuable.
- Backup your Data. Backup backup backup. I cannot stress this enough. If you don’t have a backup then your business is at high risk. Also keep multiple copies as backups, just like normal data, can become corrupted. I recommend having something onsite for quick restores, and offsite for cold storage. Cloud storage is cheap, no reason not to invest in this to protect your business. Backup is vital so don’t skip on this.
- Modern Anti-virus. Their are several different endpoint security tools available but keep in mind they are not all equal. A good anti-virus should be able to protect you from all typical attacks including have Ransomware protection built-in.
- Turn on windows Recovery. Windows has a way to roll back if their are issues or unwanted changes. Turn it on in your control panel under Recovery.
- Never run as local admin. The first account you create in Windows has what is called local admin. Create a new account and use it as your “daily driver” to do all your work in. Use the admin account only when absolutely needed, such as installing software. Yes windows will require you to enter your admin credentials each time but that is a good thing. A lot of attacks can be greatly limited by doing this. Also, as in our first point, use a different unique password for each account.
- Keep your computer and software up to date. If their is an update, let it run. Updates fix security vulnerabilities.
What we covered today only covers the basics of security but its a good first step. Depending on your business needs their can be several other things you may need to do, you may even be required to do so by law. Do your research, and if you get stuck give us a call.