With the recent cyberattack on Apple Mac OS X, there have been many questions about the new generation of ransomware and what companies need to do to protect their data. Cisco Systems Inc. reported that the new era of ransomware involves a virus-like infiltration of a company’s system without any human action. This means that businesses can be hacked for months without knowing it or noticing any suspicious activity on their systems.
Here’s a list of seven facts you need to know about ransomware and cybercrime and how they can impact even small to mid-sized firms.
THE RISE OF RANSOMWARE
Ransomware is a malicious virus that infects a company’s system, blocking access to data. A user can regain control by paying a fee in bitcoin, a virtual currency that is difficult to trace. Traditionally, ransomware was triggered by clicking on a malicious website or by opening an attachment to a spam email. The new generation of ransomware exploits computer server vulnerabilities without requiring any human interaction.
RANSOMWARE’S BUSINESS IMPACT
In 2015, the FBI reported a loss of $24.1 million from ransomware and cyberattacks, including payment and estimated loss in damage. That number is estimated to grow larger in the coming years. Additional negative impacts of ransomware attacks include lost productivity, loss of confidential data, liability costs and damage to reputation.
EVERYONE IS AT RISK
Individuals are not the only ones at risk, and enterprises are not the sole victims of ransomware either. Recent cyberattacks have taught us that every entity possessing confidential data is at risk. This includes hospitals, universities, law firms and financial institutions, as well as small to midsized businesses.
RANSOMWARE ON MOBILE
If you thought your mobile device was safe, think again. The new generation of ransomware will focus more and more on mobile devices, where users will be asked to pay a fee to unlock their phone or iPad. This can be detrimental for companies that rely heavily on BYOD.
TRAIN YOUR EMPLOYEES
Offering security-training courses to employees empowers your staff to detect suspicious activities and prevent third-party infiltration. Employees might not be familiar with phishing emails or with Web activities that might open doors for criminals to enter your system. Additionally, staff downloading apps to boost their productivity at work without asking your IT staff or provider first could lead to unpleasant situations.
BOOST YOUR SECURITY SYSTEM
2016 is the year of prioritizing your security system. While training your employees is a step forward in protecting your company from ransomware attacks, you also need to have a multilayered defense solution. Challenge your IT team to identify gaps in your current security system, ensure your antivirus is up-to-date, implement a data recovery strategy and regularly review your risk assessment. Take an active role in defending your company from emerging threats and you will be better prepared to protect your clients’ information.
BACK UP YOUR DATA
If you are hacked, be prepared. You should not pay hackers a ransom to regain control of any data they may have taken hostage. This can be avoided if you have a solid recovery plan that allows you to restore data quickly should you become a cybervictim. This is especially important for health care providers, who need fast access to medical information and face daunting HIPAA penalties.
Cybercrime is no joke. The recent episodes of the Hollywood Hospital and Apple’s attack have alerted us that companies need to take action now to protect their data and their business.
Dave Kinsey