By Dr. Eugene Slobodzian

Recently, there was more disturbing news, this time taking place in Winxnet’s home state of Maine. A computer virus infected the central server for a local law enforcement branch, holding their data hostage until they paid a ransom of $300.

This crime was the work of a virus, not a “hack” in the sense of the word as we know it. There was no human actively manipulating their system on the other end. Instead, this was a pre-calculated and automated compromise that could happen to any business of any size.

Small and medium-sized organizations are especially ripe targets, as their electronic data is often vital to their business operations. Unfortunately, criminals have figured out that even if this data has no direct value to the attacker (like credit card numbers), it must have value to the business.

I have consulted with organizations after they were struck by ransomware, and without adequate backups, the most cost-effective solution is to pay the ransom and hope that they can get their information back. It appears that these attacks are on the rise, and they hit closer and closer to home. Here are three key points to consider when working to protect your information:

  1. Education and training. Most compromises start with a wrong click of a mouse. While healthy IT environments and policies are vital pieces, be sure that your IT provider and staff take the time to remain educated about the threats. Security awareness is a cornerstone of success. An ounce of prevention is worth a pound of cure, and this has never been more true than with information security today.
  2. Backups, backups, backups. Just because you think your data is getting backed up does not mean it is. Take some time to ensure that backups send completion notices and, most importantly, practice test restores periodically. These controls are important for a variety of reasons, not just because of criminal activity. Unforeseen disasters of all kinds can destroy data and disrupt normal business activity. However, if you have all of your information backed up in a redundant and safe place, these disasters don’t have to spell “closed for business.” A strong IT provider will be able to offer you viable options, as well as reporting to prove that the backups are actually taking place. Also, make sure you interrupt your automatic backup process if the data becomes compromised with ransomware, to prevent overwriting the good files with the bad.
  3. Stricter controls. The notion that one bad user click can spell disaster for the whole organization should be a thing of the past. There are a number of inexpensive controls that will allow your company to run securely. These include web content filtering, intrusion detection and prevention, and multi-layer virus protection. Your IT or information security provider can help you choose the right controls for the type of data you are protecting and your budget.
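For the backup point above, here is an added example (not from the original article) of a test-restore check and a pre-backup guard that holds the job when the data looks encrypted. The function names, the 7.5 bits-per-byte entropy threshold and the 30% ratio are assumptions chosen for illustration; compressed or media files can also look random, which is why the guard only counts new or modified files.

```python
import hashlib
import math
import os
from collections import Counter

def build_manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, root)] = digest
    return manifest

def looks_encrypted(path, threshold=7.5, sample=65536):
    """Heuristic (assumed threshold): near-random bytes in the first sample."""
    with open(path, "rb") as fh:
        data = fh.read(sample)
    if len(data) < 1024:  # too small to measure reliably
        return False
    counts = Counter(data)
    entropy = -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())
    return entropy >= threshold

def backup_guard(root, last_manifest, max_suspect_ratio=0.3):
    """Return (ok_to_back_up, suspects); hold the backup job when the flag is False."""
    current = build_manifest(root)
    # New or modified since the last good backup AND random-looking content.
    suspects = sorted(
        p for p, h in current.items()
        if last_manifest.get(p) != h and looks_encrypted(os.path.join(root, p))
    )
    ratio = len(suspects) / max(len(current), 1)
    return ratio < max_suspect_ratio, suspects

def verify_restore(manifest, restore_root):
    """Return manifest entries that are missing or differ after a test restore."""
    restored = build_manifest(restore_root)
    return sorted(p for p, h in manifest.items() if restored.get(p) != h)
```

Run `backup_guard` before each scheduled job against the manifest saved from the last good backup, and run `verify_restore` after each periodic test restore.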

Compromises do and will happen, and hindsight is always 20/20. A crime like this can happen to any person or any organization. The majority of cybercrime is not targeted, but opportunistic, and it is important to remember that it doesn’t just happen to “other people.”

We are all targets. With the “pros” of increased availability and value of our electronic data also comes the “con” of increased risk. If you are worried that your training, IT environment or security controls are not where they need to be in order to protect the lifeblood of your organization — your data — then it’s time for a conversation.
