– How did this happen?
– How can we get our data back without paying?
– How can we stop this happening again?
How can we get our data back without paying? – Clearly no one wants to pay the bad guys for ripping them off, so the obvious thing is to want another option. Because of the method they are using to encrypt your files, there is no way to ‘reverse’ the encryption. That means the only option for recovering the information is to obtain it from your backups. Remember above where we mentioned the virus can infect your backups? Correct – that is a scary thought. This is why ensuring your business backup system is prepared for scenarios like this is so important. Remember when your IT provider (hopefully) was stressing why backups are so critical, why they need to be on a device that is secure and why you MUST have an off-site backup solution in place? It’s not because they were trying to sell you something that would help against a giant asteroid hitting the earth, Deep Impact style; it is because they have seen these types of scenarios. Off-site backups protect against many different events such as fire, flood, system-wide failure, etc., but also against scenarios where your on-site backup becomes compromised. This is a perfect example: an innocent user could click on the wrong thing and accidentally wipe out your business files along with your backups if the system was not set up correctly.
How can we stop this happening again? – Glad you asked. Most people do ask this question and normally show a lot of interest in it while they are offline, but once things go back to normal and their day fills up with normal meeting requests and phone calls they forget the most important thing: something needs to be done to better protect yourself against this in the future. While you can never guarantee you will never fall victim to these types of ever-developing viruses, you can put some simple things in place which will better protect your staff, your data and your business from these outages.
- Layers of Internet Security. We can’t tell users enough that the more layers of security protecting the users the better. Anti-Virus is not enough anymore and should really act as a last line of defense. Why take the risk of letting the anti-virus on your staff’s computers be the only thing stopping them from taking down the company network? Some very simple things can be put in place, such as web filtering and network protection, that can assist in stopping the infection from ever making it through to your anti-virus. Web Filtering, for example, adds a layer monitoring what web sites your users are visiting and stops them from visiting infected sites, or the ‘bad links’ that are in those emails that sneak through your SPAM filter. Network Protection adds a layer of security to the traffic passing through your firewall, so should that infection happen, or a computer be brought into your network that is infected, any internet-based traffic is scanned and if it is malicious it is blocked (such as the infected computer calling home to get the encryption codes before it starts eating your files on your network). These and more layers of security can be implemented with a Next-Gen firewall and you can read more about such a device here: https://www.rodin.com.au/utm-info-page/
- Keeping your systems up to date. You have heard it before, but not using old operating systems such as Windows XP and keeping your systems’ security patches up to date are very important. Windows XP ran out of support two years ago and has not had a security update since. This means using it to browse the internet is just like playing Russian Roulette. It’s only a matter of time. We often take on new clients and perform a review of their updating only to find the built-in updating mechanism was stuck, so that no machines on the network were being updated, with machines sometimes being years out of date and running very old web browser versions. This is not only a security issue, but can cause problems for your users when trying to do the latest things online. Patching is important and something that you need to ensure your IT vendor is managing on your network.
- Permissions. Although having everyone in your business have access to every folder on the network is easier to deal with, it’s not the best approach. We have seen this put in place and then 300,000 files locked up in a Ransomware infection in a matter of minutes. These viruses sometimes highlight just how many permissions a particular user has, which can be a real issue. The same rules apply regarding local administrator permissions for your staff on their computers. We understand you may want your staff to be able to install software from time to time, but that also means your staff can install viruses from time to time. Remember the office computer is a tool for business. You wouldn’t allow a staff member to modify their company car, so why let them modify their company computer? The fewer permissions the better, and if that means an onsite manager needs a password to make changes to a computer or you contact your IT provider’s helpdesk with a change request, at least you can rest easy knowing you are taking the best approach to security.
- User Awareness. This is probably the most important item to address. The Internet will lie to you. There will be a website with an advertisement on it that promises a free iPhone. That Nigerian Prince is not really going to make you a million dollars overnight. The bank doesn’t really need you to confirm your account details and the State Debt Recovery Office doesn’t email pictures of you being caught at the speed camera. These scams have been around since the early 1990s, however they used to send you something in the mail. Now it’s via email, or through an advertisement on a website, or whatever the next easiest way to draw you in is. It is very important that your users are aware of what they click on and if they are not sure, don’t click it. If they are trying to do something not so work related, then they should do it on their own time, on their own computers, off the company network.
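
As an added example for the Permissions point above (not part of the original article), this PowerShell audit lists the top-level folders of a file share that broad groups can write to, with the number of files under each, which is what a single infected account could lock up. The share path is a placeholder, and the check reads only the NTFS permissions on each top-level folder, not share-level permissions or permissions set deeper down.

```powershell
param(
    # Placeholder UNC path (assumption); point this at your own share root.
    [string]$SharePath = '\\fileserver.example\Company'
)

# Well-known SIDs for broad groups: Everyone, Authenticated Users,
# BUILTIN\Users, and any domain's Domain Users (RID 513).
$BroadSid = '^(S-1-1-0|S-1-5-11|S-1-5-32-545|S-1-5-21-[\d-]+-513)$'

# Rights that let a process overwrite, rename or delete existing files.
$Rights    = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($Rights::Write -bor $Rights::Delete -bor $Rights::DeleteSubdirectoriesAndFiles)
$Generic   = 0x50000000   # GENERIC_WRITE | GENERIC_ALL, seen on inherit-only entries

# Ask for SIDs rather than names so the match works on any language of Windows.
$SidType = [System.Security.Principal.SecurityIdentifier]

Get-ChildItem -LiteralPath $SharePath -Directory | ForEach-Object {
    $folder = $_
    $acl    = Get-Acl -LiteralPath $folder.FullName

    # Allow entries (explicit and inherited) that give a broad group write access.
    $hits = $acl.GetAccessRules($true, $true, $SidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -match $BroadSid -and
        (([int]$_.FileSystemRights) -band ($WriteMask -bor $Generic))
    }

    if ($hits) {
        # Files below this folder: the exposure if one user's session is infected.
        $files = (Get-ChildItem -LiteralPath $folder.FullName -File -Recurse -ErrorAction SilentlyContinue |
                  Measure-Object).Count

        [pscustomobject]@{
            Folder      = $folder.FullName
            BroadSids   = ($hits.IdentityReference.Value | Sort-Object -Unique) -join ', '
            FilesAtRisk = $files
        }
    }
} | Sort-Object FilesAtRisk -Descending | Format-Table -AutoSize
```

Folders at the top of the output are the first candidates for replacing the broad group with a group that contains only the staff who need to change those files.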