Hacking attacks and attempts are getting more sophisticated than ever before. The FBI recently issued a warning to both businesses and individuals, advising that ransomware is on the rise and detailing what steps to take to lower risk. With outbreaks like WannaCry (which impacted over 300,000 users), the Equifax breach (that impacted millions of users) and even the Uber outbreak, no business or individual is safe.
What is Ransomware?
Ransomware is a broad term for a type of malware that infiltrates and then takes over a computer network, locking the owner out completely. Once in place, the owner of the data or network has no choice but to pay a hefty ransom to the cybercriminals – or lose access to their own data, permanently. For cybersecurity in 2018 and beyond, there is no greater risk to cope with than the one posed by ransomware and the cybercriminals who use it.
Breaches are more than just costly nuisances. Equifax experienced far more than income loss after their highly publicized breach in 2017. The company made headlines and was harshly criticized by consumers and watchdog groups alike. It also had to take a variety of costly steps to secure data and help protect the consumers who were inadvertently exposed to risk via the Equifax system.
More Points of Access
The very technology that helps you run your business could also increase your risk. Innovations like Bluetooth devices, IoT connectivity and even smart phones could be used against you if they are lost or stolen. While many firms are opting for BYOD (Bring Your Own Device) programs to save money, these also add a layer of risk. There is often no way to know if an employee’s own device is truly secure.
When an employee can access your business from a remote location, you benefit in many ways; from easier and faster communication and collaboration to a happier, less stressed workforce. The downside, though, is that the device used becomes a portal or gateway right into your network that could be exploited. Educating employees on safeguarding these points of entry and on choosing secure passwords can help reduce your risk.
Phishing on the Rise
According to the FBI, one of the reasons ransomware is so prevalent is because of phishing. This technique is used by hackers to gain unauthorized access to your network and can lead to a variety of costly and potentially disastrous impacts your business.
A typical phishing attempt begins with an innocent-seeming email that asks the recipient (the target) to click a link or open a file. Often these are designed to look like they are coming from someone the recipient knows or within the same organization. Once the link is clicked, though, malware begins to download in the background, rapidly spreading through and infecting the entire network.
Educating employees about phishing can help them spot the signs – or at least question attachments and links. The employee who pauses and verifies a link before clicking could prevent a ransomware attack from taking out your entire network.
Your Employees Could be Putting you at Risk
Your loyal, well-meaning employees could be your greatest risk when it comes to ransomware and other cyberattacks. Ransomware of the type described above continues to trend heavily as we cross into 2018, and hackers are becoming ever more sophisticated about getting the details they need to access your systems.
An employee who clicks a link for an attractive offer – whether it is a free download, raffle entry, unauthorized images of a celebrity or a shipping notice—places your entire organization at risk. Even workers who are aware of phishing can still increase your risk, simply by choosing poor, insecure passwords. If members of your team are still using passwords like “12345” or “password”, then you have an increased risk and should educated them on password best practices. Even a secure password can be snatched if it is displayed in a public setting; writing your login credentials on a sticky note and then attaching it to a cubicle wall or monitor is just asking for trouble, but many employees do it.
Measuring Costs:
A single ransomware attack can cost an organization thousands of dollars; one South Carolina school district found this out the hard way in 2017. The Conway school district ended up handing over $12,000 in Bitcoin to hackers after administration was locked out of its own network by ransomware. Left with no choice but to pay, the school handed over the cash and was restored.
Once your system is taken over, you are at the mercy of the hackers. Preparing in advance is far less costly and can help prevent problems. From educating your employees about risk to shoring up your defenses, and most important of all, automating your backups, you can cut your risk for a fraction of the cost of a single ransomware outbreak. This method is a fast and easy way for cybercriminals to make money, so it won’t be going away any time soon.
Decide Consulting provides IT staffing services. Our conclusive hiring methodology enables us to bring the best IT problem solvers to your organization. Our entire management team comes from an IT technical background giving us a unique perspective on candidates and the industry.