Following on from our previous post about Crisis Management, today we talk about ransomware, a form of cyber attack.
While you might think that spying by a foreign power is focussed solely on government institutions, and it remains a strategic threat, thwarting ransomware has become a high priority for large and medium-sized businesses, and it should also be a focus for small businesses.
In ransomware attacks, hackers encrypt the data on your hard drive, phone, or server and demand payment within a short amount of time for it to be restored. If you don't pay... they will delete it.
There are a tonne of different styles of ransomware groups out there, with some hackers acting especially professionally, i.e. selling the code off as a 'one-off' purchase to another group, for a share of the profits.
Gangs then plan their attacks meticulously, tailoring their demands to the size of the victim or their business.
I have read in some reports that small firms like hairdressers have had their computer held to ransom for small amounts like $2,500... while demands from bigger companies are in the millions. Sometimes in the tens of millions from major corporations. Don't think that it doesn't happen here... recently there was a TV company in Australia plus several small businesses in QLD targeted, and an international meat processor with branches in Australia. [UPDATE: I have heard that several local small businesses in the past 18 months have been targeted, some as recently as 2 weeks ago]
With attacks soaring in the past 6 to 12 months in Australia, you should do everything you can to protect your business.
First and foremost, you should have a computer security expert in your corner should the worst happen.
But before that, what can you do?
1. Monitor who uses your work computer (and have a computer which is ONLY used for work), and what they are using it for. Make sure you know who is on it and what they are doing, i.e. not playing games, going to sites they shouldn't, etc. AND... make sure they are not downloading any files that have not been virus checked and scanned, which leads me to...
2. Make sure that you have anti-virus/malware protection software that is up to date, and pay the monthly or yearly subscription fee for it. Do whatever you can to protect your machine and don't rely on 'freeware' versions of software to protect you. Their databases are sometimes 6-12 months out of date; that's why they are free.
3. DO NOT ever, EVER click on an email link that looks dodgy. Something that purports to be from your bank, Australia Post, DHL, or an online purchase, etc. could be a phishing email (said "fishing": they are seeing if you will take the bait and give them information they can use, through links that are bogus). If in doubt, delete it, or call your institution through a phone number you look up yourself, not the phone number supplied in the email. Phishing is also a way they can gain access to your system.
4. Regularly back up every machine on your network. Not once, but multiple times, using a Brother, Father, Grandfather backup method, i.e. a backup rotation, so you are not backing up data onto the same drive every time but onto different drives. So you back up onto drive 1 (Brother), the next month or week onto drive 2 (Father), then the next time onto drive 3 (Grandfather), then you rotate around to drive 1 again, etc.
With a hard-drive backup being a fairly cheap option compared to being held to ransom, I wouldn't quibble about the dollars and would just do it.
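The three-drive rotation from step 4, as an added example that is not part of the original post: a Python script that always writes to the drive holding the oldest backup, checks the copy against SHA-256 digests, and can re-check a drive later. The folder layout, the `last_backup.json` record file and the function names are assumptions made for illustration.

```python
import hashlib
import json
import shutil
from pathlib import Path

MARKER = "last_backup.json"  # assumed name for the per-drive record file

def manifest(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def last_sequence(drive):
    """Return the sequence number of the drive's last backup, or -1 if none."""
    marker = Path(drive) / MARKER
    return json.loads(marker.read_text())["sequence"] if marker.exists() else -1

def run_backup(source, drives):
    """Copy source onto the least recently used drive and verify the copy."""
    seqs = [last_sequence(d) for d in drives]
    target = Path(drives[seqs.index(min(seqs))])  # oldest backup is overwritten
    data = target / "data"
    if data.exists():
        shutil.rmtree(data)
    shutil.copytree(source, data)
    expected = manifest(source)
    if manifest(data) != expected:
        raise RuntimeError(f"copy on {target} does not match the source")
    record = {"sequence": max(seqs) + 1, "files": expected}
    (target / MARKER).write_text(json.dumps(record))
    return target

def verify_drive(drive):
    """Re-hash a drive's backup and compare it with the recorded digests."""
    drive = Path(drive)
    recorded = json.loads((drive / MARKER).read_text())["files"]
    return manifest(drive / "data") == recorded

if __name__ == "__main__":
    import tempfile
    tmp = Path(tempfile.mkdtemp())  # constructed folders standing in for real drives
    drives = [tmp / n for n in ("drive1", "drive2", "drive3")]
    for d in drives + [tmp / "work"]:
        d.mkdir()
    (tmp / "work" / "invoice.txt").write_text("constructed sample file")
    for _ in range(4):
        print(run_backup(tmp / "work", drives).name)
```

Because only one drive is rewritten per run, the other two still hold earlier copies if the newest backup turns out to contain encrypted files; `verify_drive` shows whether a stored copy has changed since it was written.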
But the most important thing to do is to talk to a computer technology expert about what you want to do. They can recommend software, hardware and even policies to protect you.
Use legitimate software and keep your anti-virus and similar software up to date... and that includes all of your operating software. (I know updates are a pain, but DO THEM! They close holes in the software that hackers have found. Always update!)
Most importantly... be safe. Don't visit sites on the internet that are dodgy.