November 1, 2016

    Prevent Ransomware: Save Millions by Securing Your Employees

    One of your employees hears a knock on the office door. He opens it and lets the looming visitor in. This visitor shows no signs of a threat, so your employee has no reason to be suspicious. The visitor then quickly and quietly maneuvers through the halls, locates some critical assets, locks them up and makes an announcement that if your company doesn’t fork over the requested cash, you’ll never see those assets again.

    Sound like an absurd scenario? After all, none of your employees would give a perfect stranger access to valuable company assets. Or would they?

    Metaphorically speaking, this is exactly what happens in a ransomware attack on your company’s network -- and the costs are staggering. “According to an FBI tally, ransomware attacks cost their victims a total of $209 million in the first three months of 2016, a stunning surge upward from $24 million in all of 2015.” (The Atlantic)

    As employees use file sharing and cloud storage services to communicate and do their jobs efficiently, many of them don’t fully understand all of the risks involved. If your business doesn’t have a formal file sharing policy to protect your data assets and information, you’re exposed to serious financial losses in the event of a ransomware attack.

    The time to take action is now, and it all starts with educating yourself. Read on to find out what you should be doing to protect your business from ransomware criminals, and create an IT compliance policy that protects your company from attacks.

    Identifying Types of Ransomware

    Ransomware evolves with each passing day, as cyber criminals learn new ways of getting around network security features. Currently, there are two main types of ransomware that can be used to target your business:

    Lock Screen

    With lock screen ransomware, the attacker locks your system and then demands ransom in exchange for allowing you to access it again.

    “Lockscreen ransomware...causes a PC to freeze while displaying a message with the criminal’s ransom demand, rendering the computer useless until the malware is removed. While this is a nuisance for users, it’s survivable because it typically affects a single PC, and is relatively easy to remove -- it is the more ‘primitive’ form of ransomware.” (Information Age)

    Encryption

    Encryption ransomware is a more dangerous iteration. It works by altering your files and demanding ransom to have them decrypted for you.

    “Ransomware is frequently delivered through spear phishing emails to end users, resulting in the rapid encryption of sensitive files on a corporate network. When the victim organization determines they are no longer able to access their data, the cyber actor demands the payment of a ransom, typically in virtual currency such as BitCoin, at which time the actor will purportedly provide an avenue to the victim to regain access to their data. Recent iterations target enterprise end users, making awareness and training a critical preventative measure.” (2015 Internet Crime Report)

    The Unseen Consequences of a Ransomware Attack

    The FBI has advised companies that are victimized by ransomware attacks to simply pay the price. This is because battling an attack typically costs much more than paying the actual ransom. Think about how much productivity your organization stands to lose if a significant number of files are compromised and kept from you. We’re talking potentially thousands or millions of dollars in wasted time and resources, as well as the inability to conduct business.

    This unfortunate reality is what makes proactive security so important for your company. Saving your business from millions in financial loss from a ransomware attack requires an aggressive prevention approach.  

    Thwarting Ransomware Attacks Before They Strike

    Think back to that employee who “opened the door” to a cyber criminal. How could such an invasion be prevented? Of course, educating your employees on the dangers of insecure file sharing is one important step, but there’s more that IT professionals can do to safeguard the business.

    A recent Tech Republic article advises IT leaders to adopt the following measures:

    • Keep clear inventories of all of your digital assets and their locations so cyber criminals do not attack a system you are unaware of.
    • Keep all software up to date, including operating systems and applications.
    • Back up all information every day, including information on employee devices, so you can restore encrypted data if attacked.
    • Back up all information to a secure, off-site location.
    • Segment your network: Don't place all data on one file share accessed by everyone in the company.
    • Train staff on cyber security practices, emphasizing not opening attachments or links from unknown sources.
    • Develop a communication strategy to inform employees if a virus reaches the company network.
    • Before an attack happens, work with your board to determine if your company will plan to pay a ransom or launch an investigation.
    • Perform a threat analysis in communication with vendors to go over the cyber security throughout the lifecycle of a particular device or application.
    • Instruct information security teams to perform penetration testing to find any vulnerabilities.

    It is critical to execute a layered approach to network security, including antivirus, web filtering and firewall technologies, and to maintain tight control over employee privileges. The best way to ensure that these practices are fully employed is to partner with an expert FTP service provider like Sharetru.

    What File Sharing Experts Bring to the Table

    Sharetru uses proprietary intrusion detection and prevention heuristics to monitor, detect and instantly blacklist any offending IP addresses. The blacklist is then distributed to our entire network of servers within a couple of minutes. For added security, we also block shell access to protect against hackers attempting to compromise the root operating system. Port 22 is reserved for SFTP and SCP protocols. SSH port 22 command line access is not available to anyone -- not even Sharetru technical staff.

    With Sharetru, you benefit from industry-exclusive controls at the site level, including deciding which protocols are active (FTP, FTPeS, FTPS, SFTP and HTTPS). In addition, only we have the capability to restrict site access by country. Our user-level controls enable you to require individual users to connect from a specific IP address and force them to connect over a certain protocol.

     

    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.
