Unsolicited Advice: Cyber attacks, a new threat to your business.
Cyber attacks and ransomware attacks on your business: first understand them, then know what you can do about them.
Last week, we read about a ransomware attack around the world that so far has been reported to have affected around 150 countries. The truth is that most of the business owners I spoke with didn’t know what a ransomware attack is, let alone what could happen to their business if it was attacked.
As we all know, criminals have become smarter and are better prepared than us. So, let’s start by defining what ransomware and a ransomware attack are:
- Ransomware is a piece of software that, once downloaded onto your system or computer, encrypts all your data and requires a key or password to unlock it.
- A ransomware attack is when the software is unknowingly downloaded onto your system or computer, encrypts your data and then demands a payment to decrypt your data or system.
It’s like someone entering your house or business, with or without your consent, locking you out, and then asking for a payment to let you back in. It is another form of extortion, like someone blackmailing you and trying to extort money from you, or someone capturing a family member, taking him/her hostage and demanding payment for their “safe return”. In a ransomware attack, the attacker or ransomer holds your data “hostage” until you pay for the “safe return” or “release” of what is yours.
However, there is no guarantee that payment will result in the “safe return” of the data, because some data could be corrupted or damaged during the encryption.
Why should you care?
The rise of digital currency like Bitcoin has made it easier for ransomers or attackers to get paid without leaving paper trails or, let’s say, digital trails of evidence. These attacks are quick cash for ransomers and are becoming more frequent. According to the Business Continuity Institute, ransomware attacks have been increasing rapidly within the past two years. Imagine, 51% of financial institutions or healthcare facilities faced some type of attack in the previous two years.
Last week, hospitals and organizations around the world were targeted. Ransomers know these institutions need their systems to continue their work and will be forced to pay. These criminals know their targets; they have already researched and found the most vulnerable and those who will pay.
Imagine what could happen if they target independent businesses, which are more likely to lack planning for this threat. In fact, they not only lack planning but are also unaware of these types of attacks and cyber extortion.
What will happen if your business is next?
Imagine your entire system and database are attacked, and you have no backups and no idea of what to do. You get a warning message on your screen demanding payment. There is a high probability that you, thinking it is the only way to deal with it, will end up paying the ransom to decrypt your data. So, you Google it from your phone, afraid the phone will be attacked as well, and find it is a global attack. Ransomers know who is vulnerable and who will pay them faster; they have done their homework and know their targets well.
These are the primary reasons cyber-attacks like ransomware attacks should concern all of us: first, we probably won’t know what to do, and will pay them off, and second, there’s no guarantee the data or system will not be damaged or corrupted even when we pay.
So here is my advice:
- Back up. Customer lists, databases, payroll, financial documents, vendor lists, CRM, and contact info must be backed up frequently. Back up your data to a cloud system that can be accessed from anywhere if needed. Alternatively, send yourself an email with digital copies so that you can access them from anywhere. Always be prepared.
- Have seconds. No, I’m not talking about second plates of food. I am referring to a second everything, a plan B. A second digital copy of your database, a second computer (not connected to the same network, just in case). Maybe a second bank account (just in case the first one gets hacked). You get the idea: have a plan B and C if possible.
- Don’t assume you are not at risk. Don’t ever think it will not happen to you. I see so many business owners living like nothing will ever happen to them, but it’s better to be safe than sorry. It is always cheaper to prepare than to recover from a loss.
- Worst case scenario, evaluate before you panic. Remember the Presidential statement “We do not negotiate with terrorists”? Well, you don’t have to either. If you have your data and records backed up, you don’t have to surrender to a ransom request (you have the bull by the horns). However, if you find yourself in an inconvenient situation (you have no backup or copies of your files), ask yourself: Is this the only option? Always remember there’s no guarantee that your system and data will not be corrupted. Also, remember that paying opens the door for ransomers to come back for more.
Technology issues are just one part of comprehensive business continuity planning. Add to them human error, third-party failures, natural disasters, accidents, etc. All of these events could prevent you from conducting business activities as usual. Do you have a plan to continue offering your services and/or products even after any of these events?
Let’s talk about your business! Every week I open my schedule to offer 5 free business assessments. When you are ready to take total control of your business, book a free business assessment with me. I will give you a road map to follow to prepare your business for any event.
This article was also published on LinkedIn Pulse. You can access the original article here: Unsolicited Advice #3: Cyber attacks, a real threat to your business.