December 28, 2016
As if we don’t have enough to worry about with malicious programs infiltrating our computers and systems, here comes another one to add to the bunch. This time, the culprit does not erase anything, nor does it cause your system to go haywire. What it does, however, is lock you out of everything on your computer by encrypting your data under someone else's control. The only way for you to gain access to your computer or your system again is to pay whoever did this the amount of money that they are asking for.
Yes, it seems like your computer, your system, and your data have been taken hostage, and you need to pay a ransom to free them from whoever has kidnapped them. This kind of malicious software is called ransomware, and it is one of the biggest areas where some companies lose money. It has been reported that in 2015 alone, companies lost somewhere around $325 million.
While some people may think that ransomware has indeed cost businesses hundreds of millions in ransom money, this is not the case. A huge fraction of the losses comes from the downtime that companies suffer when their captive systems are not released back to them immediately. It has been noted that the majority of those who found themselves locked out of systems by these hostage takers usually experience two days of downtime, which often costs companies between $5,000 and $18,000 per day in losses, depending on the industry.
So, how can your company avoid the problems that ransomware brings about? Here are a few things you can do to defend yourself from these attacks:
Educate users regarding such a threat – the problem with ransomware is that it can stem from one simple email, and when a single person opens it, the whole system can be locked down. Educating users involves teaching them to be circumspect before opening emails, to be careful about clicking on any links that seem dubious, and not to accept or open documents that are not among the emails they expect for the day.
IT personnel should always take possible breaches of security seriously – if employees or users suspect that something is wrong, they should not hesitate to contact IT with the issue. IT personnel, on the other hand, should not dismiss complaints like these casually. They should at least check whether there is some merit to the complaint, no matter how trivial it may seem to them.
Restrict downloads and access to certain sites – IT personnel should also keep computers safe from intrusions by locking them down and not allowing any downloads without prior permission or authorization. This minimizes the chances of infection, and thereby reduces the probability of ransomware infiltrating the system. The same goes for browsing permissions. Sites that are not considered essential to the company, or that do not pass security standards set by the IT department, should never be allowed on these computers.
Have backups ready for any possibility – having backups is your best bet for keeping things on an even keel in your company. This is why it is a good idea to invest in cloud-based online backup and disaster recovery. This can help you access important files needed for everyday operations while you work on getting rid of the entity that has held your system captive. This can minimize and even eliminate downtime, which is often one of the areas where a lot of losses happen.