In the age of information, today's most valuable currency is customer data. Over the years, especially in recent years as cyber breaches have increased in frequency, the public demands that businesses take preserving customer information very seriously. Most companies understand the significance of asking for and storing their customers' data and do their best to safeguard this valuable asset. However, with hackers adapting and finding ways around security features, ransomware continues to be an ongoing problem for businesses and organizations.
For example, in 2016, email accounts at a university in Canada were held hostage unless the institution paid a ransom to the hacker....in bitcoin. The school coughed up the equivalent of $16,000 after a week of having their email encrypted and inaccessible. On U.S. soil in the same year, a California-based hospital endured a ransomware attack affecting multiple systems, including the hospital's electronic medical record system. To gain full access to their systems and data, the hospital decided to pay the approximately $17,000, or 40 bitcoins to end the siege.
Let's take a look at some steps your business can take to reduce the chances of a ransomware attack.
a type of malicious software designed to block access to a computer system until a sum of money is paid.
If your business is dealing with customer data in any way, including transactional information, addresses, etc., you need to be thinking about incorporating security measures to safeguard this information. Covering the basics is a start, such as ensuring your systems and networks are up-to-date. If you accept card payments for your services and/or products, using a secure website to collect card information will add a layer of security to your transactions. Ideally, you'd want your IT department hard at work protecting your networks and other systems. Even if your "IT team" is one person named Alex.
Let's be realistic though, for a small business it may not be financially viable to employ an entire IT team. Let's think about it a different way. Is it better to invest in long-term data security or risk losing all your customers' trust and business, which has taken you years to build?
Just as employees are the first people your customers interact with, they are the first set of people that intercept the majority of your business' communication—especially email. Email is one of the preferred tools hackers use to infiltrate your business' systems to deploy a ransomware-style attack. By incorporating IT security training into your new employee onboarding and conducting yearly reviews with current employees, you can help educate and inform your employees on precautions they can take to help protect your business and customers from ransomware attacks. Some IT teams will go as far as sending fake phishing emails to employees to gauge the impact of security training. The fake scamming emails help security teams determine vulnerabilities so they can deploy additional training. Educating employees on the signs of a malware attack will help to reduce your business' risk.
Having system redundancies may always feel like a chore when going through the process. Worse yet, you may see it as double work. However, if your business is hit with a ransomware attack and your systems and data are backed up elsewhere, you'll be grateful you took the time to think ahead. Conducting frequent system backups helps to preserve a "snapshot" of your programs at a specific moment in time. Even if you didn't update for a month or two, at least you'll have data from a month and a half ago versus none at all while under attack. Take the time to back up. Your future self will thank you.
No system or virus protection is 100% protective. However, you owe it to your business and your customers to take the necessary steps to protect their information.