An interesting point to note is that CSI Systems was originally formed as a Cyber Security Investigations company, hence the name.
So just what IS ransomware?
Ransomware is a type of malicious software (or malware) that is a little more complicated than the simplistic explanation given on the NZ business website. It is essentially a piece of software that is accidentally downloaded and installed that locks and encrypts files at a given date and time (often referred to as a zero day vulnerability due to the fact that no knowledge of the issue is apparent until that given date and time). When activated at the given time it stops you from being able to access your files or computer systems.
Often, even restoring backed up files isn’t an option, as the vulnerability (the installed malware software) already exists in the backed up files, and may have been there for quote some time.
It’s not just bigger businesses that are targeted and there are no particular industries that are more vulnerable than others. If you work online, or even have internet access at your workplace, you’re at risk. The fact that the software can be installed from a link in an email, a carefully crafted attachment, or even simply a website that has been compromised somehow means that anyone who has online connectivity is vulnerable.
The attackers are generally financially motivated. They’ll try to extort you by demanding you pay a ransom to get access to your system and files again. The decision then becomes, do you pay the ransom (strongly discouraged, as you are essentially trusting these criminals with the promise they will let your files be unencrypted), or try and restore as much of your files as possible and get back to where you were before.
How you can protect your business
Prevention is better than cure. These simple steps can help protect you and your business from ransomware and cyber attacks:
- Be aware of phishing campaigns. Phishing is a common way that computers and systems get infected. Learn how to spot dodgy emails, websites or links that could be harbouring malicious software. Educate your staff about best practices in opening email and clicking links/opening attachments.
- Install anti-virus and malware scanning apps. Having software that actively checks attachments that are downloaded before being opened, or checking website URLs is highly recommended
- Regularly install updates on software and devices. This will prevent attackers from exploiting vulnerabilities which they could use to get into your systems.
- Implement two-factor authentication. Two-factor authentication is usually a code that’s sent to your phone or an authentication app to verify your identity. This is used in addition to a password and adds another layer of security to your logins.
- Regularly back up your business and customer data. This way if your data is lost or stolen, you can recover it quickly. Make sure you back it up on an external hard drive or on a reputable and secure cloud service. Offsite backups that are disconnected from the network are vital
- Talk to your IT team or service provider about setting up logs. They record when particular actions are taken on your website and systems and who’s done them. You’ll then be notified if any unusual or unexpected activity occurs.
- Have an incident response plan. No matter how well you prepare and how good your cyber security is, things can still get through the cracks. Have a plan that will help you take control of the situation if the worst were to happen. Know who to call and prepare by doing things like making hard copies of all important documentation in case you can’t access your system.
- Consider Cyber Security training. This doesn’t have to be in-depth. Given that the strength of any business network is only as strong as it’s weakest point, and that point is almost always human, it is imperative that businesses train staff to recognise suspicious emails and attachments, and even phone calls asking for information.
If you need any further information, or help with training staff to avoid the risk of a ransomeware attack, contact us at CSI Systems
