RansomCloud: what you need to know if your business gets attacked
Did you know that 79% of Managed Service Providers report that clients have experienced some level of business-threatening downtime? And that 14% of a total 45% of small to medium businesses that do pay ransom to a cyber criminal never recover their data?
The statistics are staggering but the threat to small business is very real. And scary.
Because cyber criminals can literally close a business down.
How does ransomcloud work?
As more and more businesses make the inevitable jump to cloud-hosted solutions for data and file storage like Dropbox, G-suite, Microsoft 365, Xero, MYOB, Salesforce and more, cyber criminals are exploiting vulnerabilities to hack into their IT systems and encrypt their files.
What this means for you is that you can no longer use or access your files.
Ransomcloud, or ransomware as it is commonly known, typically comes in the guise of a phishing email. Employees who click on a link or attachment launch the malware, and it scrambles or encrypts the data on their workstation in such a way that it is rendered completely unreadable and, effectively, useless.
Worse, if those employees have access to company files on a network, those files may also get encrypted.
You get the picture…
Every email in your inbox may become encrypted. In severe cases, whole databases full of customers may even be gone and there’s no way to get them back – that’s when you get the chilling pop-up message on your system asking you to ‘pay the ransom’ and the files will be restored. Hence, the name.
Typically, it involves paying by Bitcoin, after which you are then sent an encryption key to “hopefully” recover your files.
But doesn’t the cloud protect my files?
One of the big misconceptions about cloud-hosting is that it is completely secure. It’s just not the reality. The cloud is not fail-safe.
Yes, large cloud-hosted applications will have multiple levels of security to prevent hacking (you’ll all be familiar with two-step authentication, for example, for internet banking) but it’s the devious nature of ransomware and how cleverly disguised the phishing emails are that makes it so deadly.
It’s not always the case but sometimes phishing emails are so well designed (featuring logos, fonts and branded colours from big software providers) that it’s difficult to tell whether they’re fake or not.
And if your employees are in a hurry or just not aware of the threat? A few simple clicks is all it takes to infect the whole system.
Where human error is at play – which is always – businesses will be exposed to greater vulnerabilities to some extent.
So, what can I do to protect my business?
It starts with putting both a business continuity and a disaster recovery plan in place to ensure you have efficient, backed-up data files that work. You also need to make sure that the backed-up data is checked regularly and is immediately deployable when required. Microsoft, for example, recommends that backups be kept in external, non-mapped or not-synced storage.
The name of the game here is to avoid downtime and missed opportunities with customers. Losing your data through ransomcloud is a hugely stressful experience and it can be very costly if the encryption cannot be undone.
Consider an effective disaster recovery plan to be the best insurance policy your business ever invested in.
Disaster recovery is generally the responsibility of the IT department, but what if you don’t have one? Or you’re not sure what solutions they have in place? Or even if they work?
That’s where Expert can help.
If you’re not sure what to do about protecting your business data, give our team a call. Our IT technicians will be happy to run through a free security audit and offer some helpful solutions as to how you can protect your business. Call 03 9474 0044 now or email firstname.lastname@example.org.