October is Cyber Security Awareness Month:
In 2004, the United States Department of Homeland Security, in conjunction with the National Cyber Security Alliance, established October as National Cyber Awareness Month. In 2017, one of the more prominent risks and threats to all businesses and organizations is ransomware.
What is ransomware? In basic terms, it is malicious software, often referred to as malware, that infiltrates your computer system. Once it gets into your system, it typically encrypts your information, applications, operating system and data, so you can no longer get to them or use them. Fundamentally, it takes away your ability to use your computer system, which can shut down your ability to do business. This can have an enormous financial impact on any business or organization, big or small, with small businesses and non-profits quite often being the most susceptible and exposed to this type of attack.
The motive for this kind of cyber-attack is largely extortion for money, with demands that we see ranging from hundreds of dollars to thousands of dollars to release your system and files back to you. These demands frequently ask for payment in a non-standard currency, such as bitcoin.
One of the biggest issues when you face a situation like this is: if you pay the ransom, will you actually get your files and system released? Many times, companies have paid the ransom and never gotten their files released, or the files are released and they think everything is all good, but the malware is still in their system and set up to lock it up again in 6 months, with another demand for ransom. Remember, the people who create these cyber-attacks are criminals, and you should not trust criminals who are breaking the law in the first place!
So, what do you do to plan for and mitigate a ransomware cyber-attack or any cyber event?
First, make sure your system is backed up regularly, so you could restore your system and files as quickly as possible, with the least amount of downtime. Create a backup and recovery process and understand and plan how you would respond to a cyber event, not only to restore your data and system, but to make sure the malware is totally removed from your system. The quicker you take action the better!
Train, train and retrain your employees! Make sure you continually go over the threats of opening attachments and going to internet sites that may not be safe. Make sure you and your employees do not become complacent about what is an ever-increasing threat to your business. This should be an ongoing discussion in every organization; this is not a “one-and-done” training issue!
Make sure you do not delay software updates when they are available. Most updates are done to increase the security of your system or to patch a vulnerability that currently exists in it, so when you are asked to update your software, do it now!
Lastly, consider cyber insurance; it can make the difference in whether your business can survive a cyber event. It has been said that over 50% of small businesses go out of business within six months of a cyber event, and good, affordable cyber insurance coverage is available today. To learn more, call me at 918-720-0483!
Jeffrey Miller, LL.M.
Oklahoma Commercial, Professional and Cyber Insurance Agency, LLC
Managing Partner