Given that data is now more valuable than gold, Cryptolocker is one of the biggest cyber-threats out there. 

Once a Cryptolocker or ransomware attack has entered your system, it spreads like wildfire, encrypting everything in its path, in some cases even your backups. A pop-up window may appear asking you to pay a ransom fee (hence the common name – ransomware).

Not only will the infection cause a fair amount of work to clean up, including recovery of data, but a data breach may damage the trust and rapport you had built with your clients. So, when it comes down to it, it is worth investing in Cyber Security.

If you do get infected, it is strongly recommended that the ransom fee is not paid. 

Paying may seem like an easy fix to minimise business downtime; however, it will not stop the attackers infecting your system again, especially now that they know how to get in. Additionally, there is no guarantee they will unlock your files if you pay the ransom.

Now, you might be thinking that because your business is only small, it would not register on a cyber criminal’s radar and therefore you don’t have as much to worry about. On the contrary, small to medium businesses are a much bigger target due to limited budgets for cyber security defences.

Thinking of your company as “not worth hacking” is what will get you into trouble. 

Some statistics to keep in mind when it comes to SMB Cyber Security (courtesy of the Australian Cyber Security Centre – ACSC): 

  • 1 cybercrime is reported every 10 minutes (the ACSC receives approximately 144 reports of cybercrime a day).
  • $300 million per year – Estimated annual revenue losses to cybercrime. 
  • 62% of SMB survey respondents have been victims of a cybercrime. 

“If you spend more on coffee than you do on IT security, you will be hacked. What’s more, you deserve to be hacked.”  

– Richard Clarke, former US National Coordinator for Security, Infrastructure Protection and Counterterrorism 

There are several ways to help ensure your business is properly protected: 

  • Security Assessments – Have your systems assessed annually to identify any potential vulnerabilities or points that cybercriminals could use to gain access to your system. 
  • Employee Security Awareness Training – Ensure your staff are trained in what to look for when it comes to cyber threats, including phishing emails and attachments.
  • Password Policy – Staff need to make sure their passwords are strong and secure (not written on notepads and not too simple, e.g. “password1”). Changing passwords regularly is no longer a reliable way of protecting your data. Today, the experts are recommending a passphrase (maybe your favourite quote or song lyric).
  • Multi-Factor Authentication – Implementing Multi-Factor Authentication adds another layer of protection on top of a password, as you need both the password and the user’s phone to get into the system.
  • Software Updates – Make sure your infrastructure and software are kept up to date to avoid having any weak points of entry.  
  • Business Continuity Plan – Having a business continuity plan helps to minimise downtime if disaster strikes. This would involve making sure you regularly back up your data to an offsite location that enables easy restoration. Small businesses have been put out of business due to the financial repercussions of losing their data with no other means to recover it. 
  • Cybersecurity Plan – A cybersecurity plan is also a vital part of running a successful business in today’s climate. This will help to prevent an attack in the first place. You will want a reliable, good quality firewall and antivirus to start with.  

For more information, to book a security assessment, or for assistance with setting up business continuity and cybersecurity plans, contact your IT professional or us here at ONGC.
