Go Phish
How to protect your system against ransomware attacks – and what to do if it happens
Ransomware attacks on businesses both large and small are skyrocketing. As our businesses become more and more dependent on computer technology for daily operations, losing access to your systems can be a devastating blow. You can lose everything from financial records to upcoming orders, making it nearly impossible to operate.
The key to protecting your business is to act BEFORE you’ve been attacked. As Benjamin Franklin said, “An ounce of prevention is worth a pound of cure.” Taking simple, common-sense steps to secure your computer network can keep you from being a victim of a random cyberattack. We’ve outlined some of these for you below.
Let’s start at the very beginning.
By now, you’ve probably heard about the standard security steps to take:
- Keep your network behind a properly configured firewall
- Run antivirus software on all computers
- Keep all software and hardware up to date on all patches and security enhancements
- Make all users login with long, complex, unique passwords (with 2-Factor authentication where available)
- Back up all critical data regularly
These are all critically true and need to be addressed. But they don’t tell the whole story of the steps you can take to protect your business.
Be careful who you invite to dinner
Did you know that few hackers ‘penetrate‘ the network they are attacking? Most of them are invited in. The most common method of access is through a phishing attack. Someone opens a link in an email or text message that appears to be from a trusted source. This link loads the ransomware onto that computer and it starts replicating itself across your network at lightning speed.
The vaccine against a phishing attack is staff education. Teach your staff to question any email with an attachment that looks odd.
- Look for spelling or grammatical errors, blurry images, or messages that don’t include the recipient’s name.
- Double-check the sender’s email address. It may look like it’s coming from a legit sender but, if you hover over the sender’s information, the actual sender’s email address may be something else entirely.
- Don’t open attachments that you weren’t expecting.
- Call the sender and confirm the authenticity of questionable or unexpected messages before opening them.
You can also limit your exposure by not allowing the use of personal email accounts on business computers.
Keep the server up behind closed doors
Running your server behind a firewall is a great start, but what happens if something gets inside the network? It’s a problem if some workstations are compromised; it’s a crisis if your server is attacked. Limiting access from user workstations to the server can be the difference between a bad day and a nightmare.
Alert can run on a secured server on your network or on one safely off your network (including a hosted cloud server) with access secured by VPNs (virtual private networks). User access to the server and data files is limited to just what each user needs to do their job. Data is segregated on the server so attacks can be further limited. Alert also allows your server to run a different operating system than your workstations, stymying many virus attacks. If you aren’t running Alert, check with your software supplier to see what options they can provide.
Back that (server) up
Backups are critical in the recovery from a malware attack, but not all backups are not created equally. Backups kept on-site in your offices are convenient but in most cases they are encrypted by the same malware attack that took out your server (plus what good is an on-site backup in the event of a server theft, fire or flood?)
Good backups are run automatically every day (or multiple times a day). They are securely pushed offsite to a protected server. Multiple backups should be kept at all times in the event the ransomware isn’t discovered until after the backup runs. And backups are only as good as how quickly and reliably they can be recovered in an emergency. Your backup service should demonstrate recoverability by restoring a backup into an unused folder.
Alert’s EasyVault service automatically backs up all relevant information daily (or more frequently if desired) to an encrypted cloud storage site. Backups are kept for a minimum of two weeks to ensure a restorable copy is always available. Alert regularly restores data from these backups to ensure it’s available if needed.
What to do if you fall under attack
Unfortunately, all of these measures could still fail and a ransomware attack can encrypt your data, shutting down your rental software and likely your business. The following advice has helped our customers who have found themselves in this position:
- Disconnect all your computers: If the attack has just started, you can limit the scope of the attack. In addition, you don’t want to further spread the infection through your email or network connections.
- Contact your local IT support: All affected computers will need to have the ransomware software removed before they can safely be reconnected to the network and used again.
- Contact your rental software supplier: You will need help reinstalling your rental application and setting your system back up. Find out how you can get priority service during this time. At Alert just tell us you are ‘Counter Down‘ to get all-hands-on-deck service.
- Get back up and running: If your server will not be ready to reload quickly, find out if you can run temporarily on another computer. Alert customers can reload on an uninfected local computer or be moved to a cloud server to get their operations back up quickly.
- Contact your backup service: You need to make arrangements to identify and restore your last successful backup. If you use Alert EasyVault, this is automatically part of reinstalling your rental system.
- Locate copies of recent reports & communications: During the time it takes to get your computer systems back up and running, you need to continue to serve your customers. Printed/emailed rate sheets, open order reports, dispatch reports and the like will help you keep up on existing commitments.
- Keep copies of everything you do: Once your system is back up and running, you will need to enter all of this manual activity into the computer system for billing and storage.
Ransomware attacks are a threat to every business and the threats are multiplying daily. Don’t leave yourself open to attack. Take steps now to reduce the chance of it happening to you and increase your chances of successfully recovering if it does happen to you. You’ll thank yourself later.
