The U.S. Department of Homeland Security: How To Protect Against Ransomware Attacks

With ransomware now a number one threat to businesses of all sizes, the DHS has gotten involved by placing tips on their website. Ransomware and other cyber-attacks cost American business owners millions of dollars each year. In spite of all the hype, many companies are still not taking strong enough precautions to avoid being hit.
It is estimated there were over 184 million ransomware attacks last year all over the world. Some are reported and some are not. Some are against businesses, large and small and some against individuals. The types of cyber-attacks are increasing as well and include cyber scams that some people have never heard of before. Below are just a few of the many:

  • Phishing/Vishing/Smishing/Pharming
  • Extortion/sextortion
  • Lottery/sweepstakes
  • Personal data breaches
  • Charities
  • IRS misrepresentation
  • Corporate data breaches
  • Lots more

As you can see by the list, today’s cyber thieves are staying awake at night trying to figure out new and more clever ways to bilk or cheat people out of their money. And most experts believe this trend will continue for years to come. Why? Because it pays off. Scammers are earning billions a year without really having to work for a living.

What Can You Do To Protect Yourself?

For individuals, it is recommended that people use stronger passwords and change them often. Be careful about opening emails from people you don’t know. If something seems too good to be true, then avoid getting involved.

What About Businesses?

Business owners have a lot more at risk. Some who have been hit with ransomware attacks have had to close their doors. They were not able to recover. Though this is very sad, it should be a lesson for all. There are some very simple things you can do to make sure you’re ready if an attack occurs. Many of these are not expensive or time-consuming. It’s just a matter of putting together a strong cyber security plan and then executing it.

What Does the Department of Homeland Security Recommend?

Train your employees-Employees continue to be the biggest risk associated with cyber theft. Just one careless employee can open an email or an attachment and before you know it, a dozen computers are infected with the virus. Once this happens, you must act quickly to save your data and prevent the spread of the virus.
Perform regular data backups-Whether an individual or a company, it’s important to have your data backed up regularly. Individuals can use an external hard drive or thumb drive. If all your data gets deleted, it can easily be restored if you have a recent backup. Businesses need daily backups done because they accumulate data, files and records so quickly. These can be backed up to the cloud or onsite, but it’s important to test these backups and make sure they’ll work if need be.
Stay informed-Too often, business owners get busy focusing on their daily operations. They aren’t aware of the new ransomware and malware attacks. If you have an in-house IT department, make sure they’re staying on top of all security-related issues. If you work with a managed service provider, then they will know all about the latest and biggest cyber security threats.
Update and patch regularly-Your computer and software programs must get regular patches and updates to avoid new cyber scams that are released each week. Most programs can be set to receive automatic updates when they’re available.
Take advantage of the best preventative measures-Make sure you’re using the best anti-virus and firewall software. For businesses, good security requires a layered approach. Common methods are just not enough anymore to protect your data base. Ask your managed IT provider for the latest and best methods of protecting data from intruders.
Be careful about opening suspicious emails-Cyber thieves have become experts at making an email look exactly like it comes from Apple, Microsoft or Amazon. When people see these familiar logos, they let down their guard. If you get an email that says it’s from Apple and you need to reset your password, don’t click the link in the email. Instead, navigate to the site the way your normally would. If a managed provider comes out to train your employees, he or she will stress the importance of never clicking on those links in emails.
Encryption-This is becoming a more popular way to protect yourself against intruders. When emails are encrypted, they cannot be read by anyone even if they are intercepted. Encryption methods are getting easier and more user-friendly.

What Can You Do If You Become the Victim of Ransomware?

Unfortunately, companies all over the world get hit each week with ransomware demands. Recently, a marketing firm became a victim when an employee opened an infected attachment. The virus quickly spread to a dozen computers. They called their managed service provider and got help hastily to stop the infection from spreading.
The MSP shut down the whole system to stop the infection. Next, they started wiping all computers and reinstalling the data and apps. Yes, this process does take time and require IT professionals to help, but it can save your business.
In another case, a small medical clinic was similarly hit with a ransomware virus. They didn’t have recent backups of their data and they did not have a relationship with a local managed IT service provider. Though the ransom demand was only $6500, they made the decision not to pay. This is a gamble that can pay off because sometimes cyber thieves will just make the demand and if they get paid, fine—they’ll take the money and move on. But if they don’t get paid, they’ll move on anyway without destroying your data base.
This turned out to be a bad decision. The cyber thieves destroyed all their medical records including patient files, tests, surgeries, and personal information about the doctors and staff. In the end, the clinic had to close their doors. Their losses were just too big to recover from.
Though this is a sad tale, it demonstrates the fact that most people are not well-trained to deal with hackers. Managed IT service providers have years of training, experience and skills that the average person doesn’t have. They can help you prepare for cyber-attacks but they can also help you decide the best course of action if the worst happens.