From Capital One credit card applications, Yahoo email accounts and Equifax credit profiles, to vital records of police departments, municipalities and health care groups across America, dramatic data breaches make headlines all too frequently.
But the reality is that any business that works with valuable data, whose loss could cripple its own viability or harm its customers and vendors, is a potential target for ransomware, a special form of computer malware that holds one’s data for ransom.
How ransomware works
A ransomware attack exploits weaknesses in an organization’s computer network security and, in doing so, encrypts all the data on its network. If the data is reachable through interconnected computers or computer servers at the time of the attack, it will be encrypted.
Encryption is a digital form of lock and key meant to keep data from prying eyes, either while it is stored digitally or while it is transmitted through email or other electronic means. Many individuals will be familiar with the concept as a system feature on the Mac (FileVault) or Windows PC (BitLocker), or with newer email services that provide end-to-end encryption of messages from sender to receiver.
However, unlike grabbing personal account information from a bank, retailer or credit bureau that may be used to open fraudulent accounts or end up for sale on the dark web, the ransomware criminal isn’t interested in doing accounting services, running a plumbing supplies distributorship or collecting a city’s unpaid traffic tickets or property taxes.
It’s a form of blackmail. Pay up, usually in some form of untraceable cryptocurrency, or you won’t get your data back. Pay up and you still might not. No wonder one of the most famous of all ransomware attacks is named WannaCry.
Interestingly, the percentage of businesses experiencing ransomware seems to be declining, while the sophistication of such attacks keeps growing. A present-day victim of ransomware should not expect any expert they retain to be able to break the encryption.
What can I do to prevent a ransomware attack?
Ransomware defense must combine comprehensive data security with employees who are well-trained in information security best practices.
Technically, the protocols that computers use to communicate with each other (either through local networks or the Internet), system software, programs like Microsoft Office, email programs and browsers all have vulnerabilities that can be exploited.
Ransomware prevention must include regular updating: a company’s IT staff or consultants should apply officially issued security patches to the software programs in use, system software, email programs and anti-virus/anti-malware programs.
In some cases, older computer hardware will be more vulnerable to exploits if it can’t run the most recent operating systems or software and should be upgraded to accommodate their more advanced security features.
Regardless, user error is still a prime pathway for a ransomware attack. Clicking on a fraudulent email (phishing) or a malicious web site only takes an instant, and sometimes that’s all it takes to be successfully attacked. Make sure that staff are alert to the possibilities for attack and are instructed to be careful. If something seems odd, it usually is. When in doubt, ask the IT department.
If all else fails
Despite up-to-date computers and software programs and the best human practices, mix-ups do occur and a business can still be hit with ransomware.
Some municipalities and health organizations, including those with outdated system software and programs, have been successfully attacked. In several well-publicized cases, these entities did not have accessible backups of mission critical data and chose to pay the data ransom. More surprisingly, some of these entities did get their data back.
However, the reality is that paying a ransom encourages bad actors, and there is no assurance that the blackmailer will do what they promise. The best course is to discuss these issues with consultants as part of regular IT security and business continuity planning and to have secure backups of all mission critical data.
These considerations gain extra urgency as many companies move to storing data and working in the cloud (Internet of Things). While these cloud computing platforms do involve encryption and other security schemes, one’s data is still subject to ransomware, just at a different level.
Remember, your information is valuable. In it resides your business continuity; items held in trust for customers or clients, business partners and vendors; and your reputation. Protect it against ransomware by intelligently, consistently applying multiple layers of security.
This article was written for The Oakland Press and was originally posted here. Kelly Siegel is CEO of National Technology Management in Bingham Farms. Siegel can be reached at 248-658-0829 or by email at firstname.lastname@example.org.