I was chatting with a lawyer yesterday about cybersecurity and he mentioned that he has heard that law offices in our county have been hit with ransomware in the last few months. Law offices are a ripe target for ransomware because the confidentiality and integrity of their records are vital. Lose their records, lose their business. The same applies to many other small businesses.
What is ransomware? Ransomware is malicious software used by a criminal to deny the rightful owner of a computer system access to vital system resources and demand payment to restore the resources. Usually, ransomware encrypts data and demands Bitcoin or other untraceable cybercurrency payment for decrypting the data.
What should these offices and other small business do to protect themselves from ransomware? I suggest a two-pronged approach: prevention and damage control.
Prevention
Take steps to avoid a ransomware assault in the first place. The practices below are basic cyber hygiene for everyone that will lessen the chances of all forms of cybercrime.
-
Use a good anti-virus scanning utility. Keep it up-to-date and scan regularly.
Wondering which utility? Windows Defender, the default Windows 10 anti-virus is a good choice. It’s already installed, doesn’t get in the way, and does a competent job. Are 3rd party tools better? The anti-virus business is highly competitive. Which utility is best changes rapidly. I use Windows Defender myself because it is convenient, and Microsoft has invested in keeping Defender among the best, which is good enough for me. Whatever you do, use an anti-virus utility and keep it up to date.
-
Use only supported operating systems and applications and subscribe to automatic updates. New vulnerabilities show up every day. Accept the manufacturer’s help in patching up the holes as the appear.
If you don’t trust your vendor’s updates, get rid of their software. If you don’t, you put your business at risk. The only exception to this rule is when you have special software that is frequently broken by security patches. At that point, you are strapped and dependent on the maintainer of your special software. Avoid this situation if you can.
- Be cautious of links in web pages, emails, and messages. If a link looks dodgy, skip it. Be doubly cautious about attachments to emails and messages. If you are not sure where something came from, don’t open it. If there is a question, call the sender and confirm that it is legit. Links and attachments are the most common entry points for ransomware.
Damage control
If you are diligent in following these three practices, a criminal will have a hard time entering your computer system and might pass it by for easier prey, but you have no guarantee. Let your guard down an instant and you are vulnerable. A smart criminal who is intent on assaulting your system is likely to eventually succeed no matter what you do. However, if you plan ahead, the game is not over when you get a ransom note. Your backups are critical in recovering from a ransomware assault and a lot of other computer system mishaps.
- Backup your system regularly. I favor reputable cloud backup services because they tend to be automated and trouble free. The most likely time for ransomware to hit is the day someone forgot to run backups, or the janitor switched off the external backup drive by mistake.
- Test your backup system regularly. All backup systems are complex mechanisms that sometimes fail. Your only assurance that they are working is a recent successful test. I always assume that a backup system that has not been tested recently does not work. I have seen disasters in the aftermath of backup systems that were assumed to be working but were not.
- Protect your backups. Smart ransomware attempts to mash your backups. Put up barriers to protect them. Check the documentation on your system or talk to your IT technician on how to do it effectively.
- Have a plan. A rock-solid backup system is the foundation for recovery but consider what you will do the instant a ransom note pops up. I suggest immediately ceasing all activity, detaching from all external networks, and running a virus scan. Then contact an experienced technician for help. Do not shut the system down or restart if you can avoid it. Some recovery methods depend on recovering data from memory that disappears on shutdown or reboot.
Call law enforcement
Local law enforcement may not be able to help because the criminal is likely to be in a different state or country. Keep them informed anyway. Unreported crimes encourage law breakers. Some states have cyber crime task forces with real muscles that work with the FBI and the Department of Homeland Security to shut these operations down. If local law enforcement can’t help, report the crime to the FBI’s Internet Crime Complaint Center. (IC3) If cyber crimes are not reported, funds will not be allocated to fight cyber crime and laws will not be written or changed to reflect the injuries done by these criminals.
Consider cyber insurance
Cybercrime is not that different from conventional theft and damage. I understand that cyber business insurance is becoming more common. I am not familiar with the costs involved or the efficacy of the policies, but your business insurance agent is likely to be able to help. Nonetheless, remember that avoiding or controlling damage is less disruptive to business than insurance compensation and insurance seldom makes up the whole cost of an assault.
A final note
Ransomware and other forms of cyber crime are real threats. In 2016, over 1.3 billion dollars in losses were reported to the FBI. Those who take steps to protect their business will suffer less and may completely avoid becoming victims.