A single email can cost your company thousands of dollars in the blink of an eye.
This nightmare scenario recently happened to a 100-employee professional services firm. An employee opened an email that linked to a malicious website. By the time the firm realized that some files were encrypted, hours had passed. Soon the company realized that multiple servers were encrypted.
The hacker demanded a ransom of thousands of dollars per user and server. The company ultimately restored files from a backup performed three days prior to the attack, losing hundreds of hours of work. It was an extremely costly disruption for employees and customer relations — without even paying the ransom.
This is a threat that every company faces, but it can be prevented. The expense of prevention is miniscule when considering the staggering costs of cybercrime. A recent Forbes article said that cybercrime will cost an estimated $2 trillion by 2019, and attacks on small and mid-sized businesses are becoming more common.
Protecting your business is crucial.
What is ransomware
Ransomware often silently infects your files, allowing your computer to function normally as it spreads. Eventually files become inaccessible, and the hacker demands a “ransom” to decrypt them.
Not paying means accepting data loss, but paying means trusting a criminal; payment often encourages further demands that can skyrocket.
How it invades
Ransomware often comes in an email with a free offer or appearing to be from someone within your organization. It may look like it’s from a commonly used site like Amazon or your bank.
Computer users instinctively hit a link or open an attachment from a trusted source. At that point, the machine — and potentially the whole network — is infected.
If you’re infected
As soon as you find an infection in your system, stop the malware from spreading. Disable all shared drive access and shut down the machines, then carefully review all remaining systems to ensure it’s fully contained.
Finally, restore data using backup files.
Reducing your risk means taking a number of steps to bolster defenses:
1. Teach employees about malware, how it enters networks and what to do if they suspect an attack.
2. Implement a business or enterprise-class firewall to keep many malicious programs from reaching your systems.
3. Run a centrally managed, up-to-date business-class antivirus program.
4. Filter mail and Internet to prevent many common attacks.
5. Centrally monitor systems to catch problems early.
6. Minimize non-business use of corporate devices.
7. Apply all critical patches, and run only vendor-supported operating systems and software.
8. Back up your files at least daily to enable recovery of most data in the event of an attack.
Protect your business
Many small and mid-sized businesses lack the in-house resources to actively fight hackers, but credible outsourced solutions are well within reach.
Whether you go in-house or choose a provider that delivers a strong team of IT experts, a small investment in protection may just save your business one day. ●
David Lazor is founder and CEO at Lazorpoint