Ransomware and how you can protect your business
30 June 2017
Recent ransomware attacks have caused disruption to businesses around the world. The potential for compromise of operations and of business and client information has driven a significant rise in the use of cyber insurance policies.
Think of what such an event might mean for your business, or what it would mean to lose all of your personal information at home. Do you have clients to inform if their personal or financial information has been compromised? The cost of reputational damage can be even larger than the cost of getting everything back online and is often difficult to quantify.
Unfortunately for businesses affected in recent attacks, even paying the criminals usually did not result in them receiving the key to unlock their files. The good news is that while the specific viruses, spyware and ransomware change, what you can do to help protect yourself and your business has remained relatively unchanged.
To help prevent a ransomware event causing serious damage to your business, there are some simple steps that everyone in your business needs to follow:
- Make sure you back up data regularly - both online and offline (that is, on something not usually switched on or connected to a computer). Preferably, have incremental updates taken during the day.
- Make sure all computers have the latest Windows/Mac updates installed and are using up-to-date anti-virus and anti-malware programs, with firewalls turned on.
- Many of the attacks start from clicking links or opening files in email messages, so NEVER open attachments or click a link in an email that looks suspicious, doesn’t make sense or has a questionable address. Use caution with links in emails at all times.
- Always check that the address a link is going to (whether in an email or on a website) is valid and makes sense in the context of what you are doing. If you are a Commonwealth Bank customer, you would expect the domain name to end in .commbank.com.au. Be wary of extra words at the end of the domain, such as .commbank.com.au.fake-domain-name.com, which indicate something isn’t right. You can often “hover” the mouse pointer over a link and the actual address will be shown. If there is any doubt - don’t click!
- Don’t download software you don’t need or software from a site other than that of the person or company who created it.
- Make sure you have good password practices. Never use the same password for more than one site or service. Make sure your email password is especially secure. Always use long passwords; e.g. 24BJK6 is much less secure than ‘no one knows my pass word’ simply because of length rather than complexity. Use a password manager like LastPass or 1Password to help you keep track of your passwords (it will also autofill them on their respective sites).
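
The link-address check in the step above (does the domain really end in .commbank.com.au?) can also be applied automatically, for example in a mail filter. The Python below is an added example, not part of the original article; the function names and the sample links are constructed for illustration, and it assumes only http and https links should ever be accepted.

```python
from urllib.parse import urlsplit

# The domain the reader expects, taken from the article's example.
EXPECTED_DOMAIN = "commbank.com.au"

# Constructed sample links: one genuine-looking, three that only look right.
SAMPLE_LINKS = [
    "https://www.commbank.com.au/login",
    "https://www.commbank.com.au.fake-domain-name.com/login",  # extra words at the end
    "https://www.commbank.com.au@fake-domain-name.com/login",  # real host is after the @
    "https://examplecommbank.com.au/login",                    # no dot before the name
]

def link_host(url):
    """Return the lower-cased host a link really goes to, or None if unparseable."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # .hostname already drops any "user@" prefix and the port number.
    return parts.hostname.rstrip(".").lower()

def is_expected_link(url, expected=EXPECTED_DOMAIN):
    """True only if the host is the expected domain or a subdomain of it."""
    host = link_host(url)
    if host is None:
        return False
    # Compare from the END of the host, and require a dot boundary so that
    # "examplecommbank.com.au" does not pass as "commbank.com.au".
    return host == expected or host.endswith("." + expected)

def check_links(urls, expected=EXPECTED_DOMAIN):
    """Return (url, real_host, ok) for each link, ready for logging or review."""
    return [(u, link_host(u), is_expected_link(u, expected)) for u in urls]

if __name__ == "__main__":
    for url, host, ok in check_links(SAMPLE_LINKS):
        print(f"{'OK      ' if ok else 'SUSPECT '} {host}  <-  {url}")
```

A plain "does the address contain commbank.com.au" test would pass all four sample links, which is why the comparison is made against the end of the parsed host rather than the whole address.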