How to avoid being hacked: 4 lessons from the CryptoLocker attacks
If you’ve been following our Blog and our social media channels lately, you’ll have seen that we’ve been reporting on some fairly serious CryptoLocker attacks that have taken place over the last few weeks.
The incidents caused hundreds of thousands of pounds' worth of damage to company data and have highlighted the severity and intelligence of this latest breed of ransomware attacks.
While this specific spate of attacks seems to be dying down, the threat is still far from gone. So we’ve taken away a few lessons from the events of the last few weeks to help you and your business avoid being hacked.
Lesson 1: Learn to identify threats
Cyber-attacks are evolving. While we may have come past the age-old ‘Nigerian Prince’ scam, the principles of an attack remain fundamentally unchanged.
A hacker, generally speaking, only gets into your system if someone lets them in. Sure, some have the tools to bypass your security systems, brute force your passwords or hack you remotely, but the fact is – you’re probably not worth the time those methods require (sorry).
The most common and cost-effective method of beginning a cyber-attack is through malicious emails. These can be made to look very official but will contain links to fake websites or downloads that contain a virus or even the dreaded CryptoLocker. Look out for fake PayPal and Amazon emails!
Remember, your weakest security point will always be your employees. So help them identify fake emails that are designed to gain access to your system.
Our cyber-security partner Sophos has put together a great kit on educating your staff about ransomware. You can find it by clicking this link.
Lesson 2: Set up a secure network
Education is certainly half the battle, but the rest is ensuring you have a water-tight security framework in place. It’s no good teaching your staff to defend your business if you haven’t invested in any defensive measures yourself!
First things first, make sure you have a great anti-virus or malware protection solution in place. This software will work around the clock to protect you from the bulk of threats and helps make the arms race a little more manageable.
Again, we’ll call upon our friends at Sophos here and recommend End Point as your go-to security software, although there are a whole host of developers fighting the good fight and working to hold back the rising tide of cybercrime – have a look around and ask us which software would be best for you.
Lesson 3: Protect your backup data
Ransomware essentially relies on businesses not having an up-to-date and secure backup of their data. Hackers will encrypt all the systems they can get their hands on, often rendering a business inoperable, then demand payment for releasing the data and relinquishing their encryption so the business can go back to normal.
The basic theory behind the hack is that the cost of the ransom will end up being less than the cost of the downtime, data recovery and hardware replacement that would otherwise be paid, and so the hope is that businesses will just cut their losses and pay the ransom.
But how about we just cut this out entirely?
Install a sophisticated backup solution and store your daily backups in an offline facility where the hackers could never reach them. Then, if you’re ever hit with a CryptoLocker or any similarly vicious attack, you can ignore your assailant, wipe the system, and restore everything from last night’s backup.
Altaro is a company that provides some fantastic backup solutions. Get in touch and we’ll talk you through using their solutions.
Lesson 4: Create an incident management strategy
Accidents happen. Even with the best intentions in the world, your business can fall prey to cybercrime. Maybe you’re part of a new scam that the security industry has never seen before, or maybe a new employee accidentally clicks on a malicious link – it can happen to the best of us.
In fact, it has been revealed this month that both Facebook and Google, two of the largest tech companies on the planet, have lost a shocking $100 million to hackers over recent years.
Even with the most sophisticated anti-virus and the most extensive education, you’d be a fool to think you’re immune. So start considering what you would do if the worst were to happen.
Who do you go to first when you think something has gone wrong? How do you reduce the impact of a security breach? Assess your digital assets – what needs protecting the most? If you have an IT partner it’s time to have a discussion and ask these questions. If they don’t have the answers, it’s time to find a new partner.
For more information on protecting your business, please get in touch by calling us on 01724 400300 or email us at firstname.lastname@example.org