
By Craig Ford – Craig is Senior ICT Security Engineer at Davichi Computer Services and a Cyber Security Consultant, Ethical Hacker, Sec Compliance Auditor, and Security Journalist – CSO.

In today’s world it is hard to be sure you are doing everything you can to keep your business and client data safe. Every day more organisations fall victim to a data breach or ransomware attack; it is simply part of doing business in the age we live in.

Businesses holding sensitive data need to be as prepared as they can be to handle an incident when it occurs, and the law requires that affected parties be notified of a breach. That notification is a massive brand reputation problem; it can ruin any organisation, no matter how established.

What if your business is under attack?

Let’s run through a scenario so you can understand what could occur, then discuss some things that could be done to reduce the effects and recover from an incident. You are the operations manager of a small doctors’ surgery. The surgery has 5 doctors, a nurse and three admin staff, not including yourself: ten staff in total. You have an onsite multi-server setup and a workstation for each member of staff, all maintained by your local IT provider. The servers are around 5 years old, and backups run each night to two external HDDs, which are rotated with the newest one taken offsite each day.

One day you are on your way to the office to help get ready for the day when you receive a panicked call from one of the doctors: all the machines are locked up and there is a message on the screen that says “all your files are encrypted, to unlock your files email ** address and get price to unlock”. Your practice has been hit by ransomware; you will not be running the practice as normal today.

You immediately reach out to your IT provider for assistance and they arrange for a tech to come onsite as quickly as they can to help recover. Once onsite, they confirm that all systems have been infected and that your backups have not been working for at least 3 weeks, so the only backups you have to restore from date from then. You discuss with them how it could have occurred and they indicate that it likely came in via an email: someone opened it, and there was only free antivirus software protecting the machine, which clearly didn’t stop it.

You are now faced with restoring three-week-old data, which is not acceptable, or paying the $5K-plus ransom that will likely be asked for by the malicious actors now holding your data. Both are horrible options. This scenario is more common than you think, but there are some things you can do to ensure your business is not in this situation, or at least to minimise the effect if it is.

How to make your business cyber safe?

The first thing every business needs to do is get the basics right. Get a good backup solution and make sure someone is notified when a backup succeeds or fails. If your backups aren’t working, you need it resolved immediately. I would also suggest a more robust solution than just rotating external drives, but if that is all you can afford, at least make sure it works. Backups are your insurance policy when everything else fails, so make sure they can save you if needed. You need to know how regular your backups are and what your threshold is for the worst-case data loss your organisation could handle if it had to. If you understand your limits, you can take measures to ensure that is catered for.
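As an added example (not part of the article), the notification this paragraph asks for, turned into a nightly check: it flags a backup set whose newest archive is older than the agreed loss threshold, suspiciously small, or fails its recorded checksum. The directory layout, file names, thresholds and sample dates are assumptions.

```python
"""Added example (not from the article): a nightly backup health check. Assumes one
archive per night in the backup directory, each with a sibling <name>.sha256 file."""
from dataclasses import dataclass
from datetime import datetime, timedelta
import hashlib
import os

@dataclass
class BackupRecord:
    name: str
    finished: datetime
    size_bytes: int
    checksum_ok: bool

def evaluate_backups(records, now, max_age_hours=30, min_size=1_000_000):
    """Judge the newest archive; return (ok, problems). max_age_hours is the loss the practice accepts."""
    if not records:
        return False, ["no backup archives found"]
    latest = max(records, key=lambda r: r.finished)
    problems = []
    age = now - latest.finished
    if age > timedelta(hours=max_age_hours):
        problems.append(f"{latest.name} is {age.days} days old; limit is {max_age_hours}h")
    if latest.size_bytes < min_size:
        problems.append(f"{latest.name} is only {latest.size_bytes} bytes; likely truncated")
    if not latest.checksum_ok:
        problems.append(f"{latest.name} does not match its recorded SHA-256")
    return not problems, problems

def scan_backup_dir(path="/mnt/backup"):   # assumed mount point of the rotated drive
    # Build records from a real directory, re-hashing each archive in chunks.
    records = []
    for entry in os.scandir(path):
        if not entry.name.endswith(".tar.gz"):
            continue
        digest = hashlib.sha256()
        with open(entry.path, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                digest.update(chunk)
        try:
            expected = open(entry.path + ".sha256").read().split()[0]
        except (OSError, IndexError):
            expected = ""   # missing or empty hash file counts as a failed check
        records.append(BackupRecord(entry.name, datetime.fromtimestamp(entry.stat().st_mtime),
                                    entry.stat().st_size, digest.hexdigest() == expected))
    return records

# Constructed sample: nightly archives that silently stopped three weeks before the attack.
NOW = datetime(2020, 3, 30, 8, 0)
STALE_RECORDS = [BackupRecord(f"2020-03-{d:02d}.tar.gz", datetime(2020, 3, d, 2, 0),
                              4_200_000_000, True) for d in range(1, 10)]
```

Run `evaluate_backups(scan_backup_dir(), datetime.now())` from the nightly job and page someone whenever `ok` is false; on the constructed sample it reports the newest archive as 21 days old.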

Ensure systems maintenance is completed regularly, with security updates and platform updates installed as regularly as can be managed in your organisation. Most breaches or viruses gain a foothold in systems because known vulnerabilities are not patched. Don’t leave yourselves open to unnecessary risks when simple maintenance can help prevent an incident. Trust me, the slight costs involved in ensuring this happens will be much more bearable than the system-wide incident that could occur because you haven’t.

Free antivirus is not a suitable option for any business. Yes, it might be okay for your home machine if you don’t want to pay for a good quality one (I would recommend you buy one though). You need to ensure that you have at least the minimum level of coverage, and in today’s environment you should look at good EDR (Endpoint Detection and Response) combined with a form of email filtering that includes what is called click protection to help keep your users safe. There is a cost for these types of services, but it is not massive, and they will protect your users from simple mistakes that could otherwise be a catastrophe.

The final thing you all need to do is ensure that your users are trained: help them understand the risks and what they can all do to stay safe and keep your client data secure. Yes, everything included in this article is simple and mostly low-cost, but these solutions can make a massive difference in protecting your organisation.

Don’t risk your clients’ sensitive data or your reputation; take simple steps that can reduce your risks. You will be grateful you did, either by stopping an incident occurring or by ensuring that you can recover if all else fails.