This last month 23 Texas towns were hit with a coordinated cyber-attack.  The towns IT systems were infected with ransomware designed to encrypt and “lock” access of the information unless a ransom is paid.  Then once the ransom is paid, the hacker claims they will unlock the information giving the owner access to their information again. 

That’s how it is supposed to go, but remember we are dealing with bad people who already locked up your information, so how can they be trusted to keep their word once the ransom is paid? The simple and realistic answer is they can’t be trusted.  Even if the bad guys unlock your data, they are likely to demand even more ransom and/or erase your data.

According to the FBI, there were more than 1,400 victims or ransomware with more than $3.6 million in damages not including loss of business, wages and time in 2018. This represents an increase of 55% over 2017.  The FBI reports that this is a small percentage of the overall crimes being committed as most cybercrimes are not reported.

As a business owner what do you do?  Here are practical solutions to help business owners:

  1. Protect Your Data – Hire a professional IT firm with the expertise to protect your data in the first place.  This includes using next gen managed firewalls, antivirus and the latest in malware defense software.  When looking for a provider, make sure they can protect your data from outside and inside sources.  Your provider should update security patches weekly and provide employee training on how to avoid phishing attacks.  Plus, they should be well versed in any compliance issues such as CIS 20 Controls, HIPPA, NIST and any industry specific requirements.
  2. Backup Your Data – If you get ransomware, with good reliable backups, you might be able to restore your data to setting prior to the attack.
  3. Cybersecurity Insurance -Make sure you know exactly what your policy covers.  Some policies may not cover all the costs incurred to recover your data or to get your business up and running again.  In California, if 500 records get compromised you are required to report the breach to the Attorney Generals office. The estimated cost to recover from an attack that size is $130,000 not including the costs to repair your reputation and any fines assessed from the State of California.  (A business with just 25 employees will easily have 500 or more records.)

If you are hit by ransomware, the FBI recommends the following:

  1. Don’t pay the fine.  It encourages more criminal activity and you are not guaranteed to get your information restored. The criminals are most likely to continue to attack until it is unprofitable for them.
  2. Report the crime to the FBI’s Internet Crime Complaint Center online.

Right now, JR-Tech is helping business owners in the Inland Empire with a FREE Cybersecurity Threat Assessment and CIS 20 Controls Report.  This assessment and report will reveal vulnerabilities in your network and how to get into compliance to provide reasonable protection of your data as required by California law.  This report analysis and report is free to business owners in the Inland Empire with 15 or more computers and a server.  To schedule this free community service, please call 951-319-4080 or go online at: jr-tech.com/cybersecurity.