Let me set the scene for you: you receive an email from the CEO of the company. It carries the official company signature, exactly as it would appear any other day, and the email itself is written in the voice of your boss.
The CEO states how well this quarter has been and offers to show you, a valued employee, their future projections and how they benefit you. You, of course, open the attached PDF. Why wouldn’t you? You’ve done so before, many times.
What happens next unfolds in what can only be described as a state of panic. Ransomware is making its way through your network, encrypting your data, financial applications and customer databases.
There will be questions you’ll begin to ask: Do we have backups of the data? Are they up-to-date? How quickly can we restore the data? How much is this going to cost our business and will we lose customers if their data is stolen?
This is exactly what is unfolding behind the scenes, but no one realises it just yet. The realisation sets in that there have been no backups for months as no one had been checking the backup notification logs.
The only option now is to pay the ransom – 5, 10, 15 bitcoins. The cost alone is crippling enough, with one bitcoin costing as much as €14,000 during the past week, but then you must go and purchase the bitcoin. This is no easy task and just adds to the hardship.
You’ve done all that and paid the ransom. The hacker releases the decryption key (or not, in some cases) and you get your data back, only to realise the hackers have downloaded your data while you were otherwise occupied in the heat of the crisis.
We’ve all heard of cybersecurity and ransomware but many honestly think it will never affect us. However, the reality is that more than 50% of Irish businesses expect to be hit with some form of cyber attack this year, according to one recent survey.
This in turn leads to loss of data, loss of business and an overall headache for businesses and their customers.
So, what can we easily and inexpensively do to prevent this from happening?
The most important thing is to back up your data. This should be done at least once daily. As well as backing up the data, make sure to check the backup logs to verify that your data is in fact successfully backed up.
Backups can be performed to removable media such as encrypted hard drives, network attached storage (NAS), a secure cloud repository or a mixture of all these methods. It is also worth running regular test restores, which will ensure the integrity of your data.
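The two checks described above, a backup that is no more than a day old and a test restore that matches the original, can be automated. The following is an added example, not part of the original article; the function names and the 24-hour threshold are assumptions, and it presumes backups land as files in one directory and that the test restore is compared against a sample of source files that has not changed since the backup ran.

```python
import hashlib
import time
from pathlib import Path

MAX_AGE_HOURS = 24  # assumption: mirrors the "at least once daily" advice

def sha256_of(path):
    """Hash a file in chunks so large backups do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def newest_backup_age_hours(backup_dir, now=None):
    """Age in hours of the most recent backup file, or None if there is none."""
    now = time.time() if now is None else now
    mtimes = [p.stat().st_mtime for p in Path(backup_dir).iterdir() if p.is_file()]
    return None if not mtimes else (now - max(mtimes)) / 3600

def verify_restore(source_dir, restored_dir):
    """Compare a test restore with the source; list (relative path, problem)."""
    source_dir, restored_dir = Path(source_dir), Path(restored_dir)
    problems = []
    for src in sorted(p for p in source_dir.rglob("*") if p.is_file()):
        rel = src.relative_to(source_dir)
        dst = restored_dir / rel
        if not dst.is_file():
            problems.append((rel.as_posix(), "missing"))
        elif sha256_of(src) != sha256_of(dst):
            problems.append((rel.as_posix(), "mismatch"))
    return problems

def backup_health(backup_dir, source_dir, restored_dir, now=None):
    """Return a list of alerts; an empty list means both checks passed."""
    alerts = []
    age = newest_backup_age_hours(backup_dir, now)
    if age is None:
        alerts.append("no backups found")
    elif age > MAX_AGE_HOURS:
        alerts.append(f"newest backup is {age:.0f}h old")
    alerts += [f"{rel}: {why}" for rel, why in verify_restore(source_dir, restored_dir)]
    return alerts
```

Run `backup_health(...)` from a daily scheduled task and send any non-empty result to a person, so a silent backup failure is noticed within a day rather than after months.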
In the event of data theft or loss, how quickly can you restore your IT systems, such as your accounting system, emails, and files? It’s vital for businesses to know this so they will be able to accurately tell their customers how long they will be impacted in the event of any breach.
Be aware of your recovery position and, with your IT team, develop and implement a disaster recovery plan. In the event of breaches, is there another location your business could temporarily use?
Another important step in protecting your business is to invest in a firewall, which protects your business from external attacks.
Connecting to the internet without having a firewall is a sure way of infecting your devices with viruses. We tell our clients to think of a firewall as the difference between having a front door made of cardboard or one made from steel!
Make sure to use a reputable branded hardware firewall – shop around.
These days, a huge amount of my work is done using my phone. Businesses can’t afford to continue to view their phone as a separate, personal device, when it’s hooked up to your emails, Dropbox Business account and so on.
Make sure you have up-to-date paid antivirus software on all your devices – phones, tablets, everything you access work files on. Malware can be easily downloaded, without your knowledge, so take the steps necessary and encrypt your data.
This might seem like an unnecessary point, but be conscious of your business’s paper trail. It is amazing the number of times we’ve heard stories of clients losing valuable data that they had printed out and subsequently mislaid.
Try to avoid printing out sensitive data and, if you must print a document, ensure it’s shredded once it has served its purpose or make sure it’s kept in a secure location.
Never write down a password where it is easily visible to prying eyes. It might seem like a practical solution to stick the password to the spare office laptop. However, this could end up very costly!
Finally, change your passwords regularly. Put a notice in your work calendar to change the passwords every few weeks. Be sure not to use simple passwords, like the most common password in 2016, ‘123456’.
These are simple steps and following them could save your business from financial loss and reputational ruin.
Paul Browne is the managing director of Hybrid Technology Partners, an IT solutions company, based in Limerick.