I love to talk with my extended family and hope each time the phone rings from them all is well but when you hear that dreaded sentence after the initial pleasantries, “I need some computer help”; my stomach drops. Not because I don’t want to help, because my life is all about helping people use technology, but because of the fear of the worst case scenario that might unfold. Just a few days ago not only did my mother call which is always a call I want to take but that worst case scenario did happen. After we talked for a few minutes she told me she had been hit by Ransomware on her personal home PC. I guess looking back at least it wasn’t her office PC. I had to call for help from my team of great support engineers because I was out of my technical depth pretty quickly. They had to do some research and review of the PC and in the end they were able to recover both her PC and files without having to pay the ransom which was outstanding. Thanks in great part to the PC being setup properly to be able to do that. But what can I share that might help you to do the same and maybe avoid getting hit all together? That is what I want to cover for you here.
First let me start by making sure you understand that Ransomware isn’t just here to stay but the instances of attaches quadrupled in 2016 and are expected to double again in 2017. One chart shows that 60% of all businesses will experience at least one system being attached in the next year. This would make it the #1 most likely way your business is going to expose data to the wrong people and have downtime events. Neither of which most of us can afford to have happen.
So what do we do to try and reduce this risk? Yes I said reduce the risk because there isn’t a magic wand or silver bullet for this. It is about reducing the likelihood of it happening not eliminating. First you have to educate yourself and your teams. Start by forwarding this BLOG post. Making people aware of the fact that they can take an active role is important. It helps both ensure they are aware but also for those that have already heard about ransomware it helps to remind them because ransomware’s most effective tool for getting into a system is human error and unintentional action. For my mother, like most, it started with an email that appears in that 1/10 of a second she considered it to be legitimate. This one came as a “You have a package at the post office. Use this attached form to claim it.” message. She gets packages and while the post office had never emailed her before it didn’t seem unreasonable that they might. There are a number of variations of this that appear to come from UPS, FedEx, IRS, Banks and others all in hopes that we will blindly trust them. So first, everyone needs to be a little more skeptical of emails that come unsolicited asking you to open attachments. The same goes for links in the body of the email. If you didn’t ask for it actively be sure to double check the sender, though they use some pretty good email address to fool you on that front or might have high-jacked an email account from someone you know. You can go to what you know to be the legitimate site and check things or email the sender you think you know outside of that email chain, by that I mean do not hit reply but craft a new message so to avoid sending something on to someone else, to ask if they sent you a message. Do this especially if the way it is written isn’t in keeping with how you know they write. I did that recently with a banking friend of mine. Found out he did send me the message but it seemed to be written differently so I checked.
The next big thing you can do is have a good backup program either for your individual PC or as an entire business. I suggest it should not be simply a USB Hard Drive you plug in and copy files because there are many of these viruses now that jump across to those drives and take those files too. Also in a business network they can jump from PC to PC and to your servers. We suggest a cloud based system/service as many of them can’t be infected by nature of their setup. That and they are automatic so you don’t have to remember to hook up something or run something manually. Even just putting files in an online file sharing system like Anchor, which is the one we use at Infinity, will protect you because it is setup to keep ransomware out and/or provide ways to role your files back. There are also software packages that work in conjunction with Microsoft’s “Shadow Copy” service to allow you to role your PC back to just before the infection. You don’t want to have to even get to this point because this takes time and effort to get your files back. But if you ever had to you will be glad you had set it up.
As I hope you already have realized these suggestions are pretty close to what I have suggested in the past for overall IT Security and Data Protection. If you want to talk more our team is here to help you; assess, design, deploy and manage systems and services to help you continue to educate and protect your data, so give us a call. And I would be remised if I didn’t say Thanks Mom for letting me use your event to help educate others. What’s your biggest issue with technology and business right now? As always feel free to drop me a line to talk.