INFORMATION TECHNOLOGY PART 5: PROTECTING FROM THREATS
This series of articles has covered issues of managing your business data, understanding how much data your business has, how passwords are created and protected, and how and where you back up your data. These articles have been leading to this: protecting your data from threats, whether natural, internal or external.
All the procedures and tips I have written about can help you protect your business data. However, there is no guarantee these procedures and tips will prevent a determined attack or natural disaster. The intent is that, should your business become the victim of an attack or data breach, you will be able to recover as quickly as possible.
Previous articles mentioned, in passing, different kinds of data threats, internal and external. This time we’ll discuss a couple of different kinds of threats in more detail.
Hacking
Hacking is gaining unauthorized access to data in a system or computer. Hacking is not always done for malicious purposes, but more and more references to hacking and hackers designate them as cybercriminals and what they do as illegal. They can be motivated by financial gain, protest, revenge, spying, or even just for the “fun” of the challenge.
Hackers may be individuals, part of a larger organized group, or possibly sponsored by a government. An earlier article concerning password protection said you should change all passwords when an employee leaves to protect your systems. That article suggested that even if an employee left on good terms, that doesn’t mean they will stay that way, and in the future the person may want to try to make some money off of a vulnerability.
Hackers may be looking for specific information: names, addresses and social security numbers of employees; names and credit card numbers of customers; bank account numbers; and more. Hackers may be looking for information about your business that would provide a competitive advantage to another business. Hackers may simply make subtle changes within your systems or on your web site to prove they were there.
How do you protect against hacks? The password protection and protocol article was a good first step. Next, download a reliable malware detection product that can both detect and neutralize malicious software. Make sure your software is up to date: download and install any software updates, making sure those updates are from a trusted and safe source. You and your employees should avoid unsafe or unknown web sites and should never download unverified attachments or click links from unfamiliar e-mails.
While it may be embarrassing, any hack should be reported. You may think your being hacked is a singular event when it could be part of a larger attack. Reporting the hack will alert authorities to the threat. You should also alert your customers and suppliers so they can be looking for anomalies in transactions.
Regardless, any time you suspect a hack has occurred you should immediately change all your passwords.
Ransomware
Ransomware is malware that prevents or limits users from using their systems by locking or encrypting all data. Often the infecting malware will delete itself after locking up the data, and a ransom is demanded to restore and release the data.
Ransomware attacks are almost universally about extorting money from the victim. Recall the article about backing up your business data, where a comparison was made between your data and your physical inventory. If your business suffered a theft of a number of bicycles, that may have an impact on your sales, but you probably have insurance that would mitigate the financial impact of the stolen inventory. The loss of data would have the same impact on your business, perhaps even more so, but likely there would be no insurance to ease the financial impact or cover the ransom payment.
Protection against ransomware attacks utilizes the same tactics as protecting against hacking. Unfortunately, cleaning up after a ransomware attack is much more complicated than cleaning up after a hack. Your data is either locked or encrypted. The quickest way back is to pay the ransom demanded.
On the other hand, depending on how long ago the ransomware attack was and how often you are doing backups, you may be able to recreate your data set from a previous backup, assuming that backup was not affected by the ransomware. (Remember the 1-2-3 rule. If you aren’t sure, go back to the article on backups.)
As with a hack, a ransomware attack should be reported to the authorities. In fact, that may become a moot point, as many ransomware attacks become known because a specific company has probably become paralyzed with its data locked up.
Should you pay the ransom? Most law enforcement agencies say no. A recent survey by CSO of businesses across different industries shows that 66 percent of the respondents say they would never pay a ransom. In a separate survey it was found that 65 percent of companies that suffered a ransomware attack paid the ransom.
Ransomware is a big business. In 2019, the cost of ransomware was estimated to be $7 billion in paid ransoms and time/business lost. This represents a 15X increase over what was determined in 2017. Big ransoms and the large companies involved make the news, and those payments are sometimes in the millions of dollars. Today, the majority of large ransomware demands are in cryptocurrencies, which makes tracing the money and who gets it more difficult.
On the other hand, most ransomware demands are made against smaller companies, with ransoms in the range of $2,000 to $2,500. The payment of a ransom is often determined by a cost-benefit analysis of the amount of the ransom versus the lost time and business, which makes these smaller amounts more palatable and mostly explains the 65 percent payment number above. Still, here is the part of the equation that usually gets overlooked: once a cybercriminal finds out you’ll pay, they probably will be back.
Leakware
Leakware is an offshoot of ransomware. This starts with a ransomware attack, with the attacker threatening to make public personal information from the data unless a ransom is paid. The exposure of confidential data often makes the targeted company nervous about possible liabilities and makes them susceptible to paying the ransom.
The protections and protocols mentioned above concerning hacking and ransomware apply to leakware as well.
The above threats come mostly from external sources. There are other dangers to your business data as well from internal and natural sources. I’ll address those in the next article in this series.
Regardless, the best defense for any of these threats is to not become a victim. The procedures and protocols that have been discussed in this series will help to preclude a successful attack. Your systems administrator should be taking proactive steps to protect your systems and data. Make sure you have that discussion with them.
Questions? Comments? Contact Steve Bina: steve@humanpoweredsolutions.com