October 11, 2019

Could a "Not-So-Obvious" Ransomware Attack Affect Your Business?

Did you know that 60% of small businesses have had to deal with a ransomware attack, in which entire networks are encrypted and the businesses have to pay big money to try to get their data back?

Massive amounts of money are being spent on cybercrime activity like ransomware attacks every year.

The thing is, it's relatively easy to protect your business from a ransomware attack with the right plan in place, but it's important that small businesses don't think that they're too small to be a victim.

We hear a lot of small business owners say, “Why would they want my data?”

Well, what these cybercriminals really want is your money.

A great example would be a cybercriminal encrypting your QuickBooks file or your accounting system. The amount of labor it would take for your organization to recreate that data could be even larger, so that has a value, and they know that that value is going to get them paid in some way, shape, or form.

At Attentus, our goal is to prevent that from happening. You’re going to have to invest in technology in order to operate your business one way or another - we’d rather it be in preventive activity rather than handing over 10x that amount of money to cybercriminals.

When we talk about the rise of ransomware attacks across mid-sized businesses today, what people think about first is the obvious phishing scams that are easy to avoid. In reality, the majority of cybercrime is malicious activity specifically designed to mislead or deceive even the most competent people.

Understanding what might be defined as the "not-so-obvious" cybercrime activity can be helpful in avoiding it. 

What is an Obvious Phishing Attempt Versus a Not-So-Obvious Phishing Attempt?

When you think of an obvious phishing attempt, you are probably thinking of the classic Nigerian prince who died and you're suddenly the one who is named the inheritor.

Right?

Well, over the last few years, cybercriminals have become a bit more intelligent.

Today’s obvious phishing attempt would be, most often, a strange looking email coming from a reputable source. By strange, I mean an email from a financial institution - like a bank - with a domain name that doesn’t quite match up with the official domain of the organization. Most competent employees typically catch these emails with a quick double check on the domain.

What’s not so obvious would be an internal email from your boss asking you to perform an important activity.

What you must do, as a responsible business owner, is make sure that you have not only a software solution in place to prevent the stuff that's coming in, but also regular employee ransomware training to ensure your people understand the difference. They want your money, they want your credit card information, they want to hold you hostage. This is a conversation that you need to be having with your team. If you're not having these conversations with your team, it's really easy for a staff member who is in a hurry and has a lot of stuff on their plate to make a simple mistake.

We've seen extremely intelligent people send company-issued checks for $5,000, $10,000, $50,000... to criminals.

What Can Be Done To Prevent or Predict Ransomware Attacks From Occurring?

The biggest thing business owners need to be focusing on is making sure their team understands that cybercrime activity is happening every single day.

At Attentus, we look at our spam folders daily, and there are thousands of attempts at stealing credit card information. The Co-Founder actually just got one yesterday that looked exactly like an email from Netflix asking to update the credit card on the account, but it wasn't Netflix.

In this day and age you need to be very, very skeptical of things in your email.

You don’t just have to be paranoid that everyone is trying to scam you - that would be a bit ridiculous. There are certainly some things you can do to cut this possibility down.

There are some technological things you can do, like putting a filter in place on company email accounts that will catch a bunch of that stuff. So if you're not running a spam filter today, you need to put one into place right away.

In terms of predicting cybercrime and ransomware activity, you should just expect it to happen to your employees. The biggest problem today is that most people think it's never going to happen to them. That's living in a land of make believe. It is happening every day to everybody who has an email address. Your employees are not excluded no matter how good your spam filters are.

Know that it's coming, know that you're getting it, know that it's happening to you and your employees, whether it's the IRS, Netflix, or Amex, and start educating.

How Can an IT Support Company Like Attentus Technologies Help?

There are many things that technology can solve completely, and there are many things that technology can enable or aid in. Defending your organization from a phishing or ransomware attack involves not only endpoint security, antivirus software and spam filtering - it involves constantly communicating with and educating your employees.

That means policies need to be developed and put into place.

One of the things an IT provider can do to help a local Seattle business is to put in place a standard for how an employee interacts with their workstation.

A few years ago, employees were free to install whatever they wanted onto their computer. That’s their work computer. If they wanted to have iTunes on it - they could have iTunes. If they wanted to download the newest version of Chrome or add an extension to help them do their job more efficiently - they were free to do so, and most of the time it was encouraged.

Most mid-sized companies didn’t monitor user activity very well, but I think what we're finding today is the sophistication of cybercriminals is so great that you have to implement these policies in order to really prevent ransomware being installed to begin with.

Seattle companies need to have an approval process for what applications employees can download. Doing so will allow your company to centrally manage user activity, in order to prevent or lower your risk profile for cybercrime and attack surfaces inside your business.

As business owners and leaders, oftentimes we want to let our employees be able to have more freedom in order to focus on growing the organization. There is no way, as a business owner or even as a manager, you can be micromanaging what your employees are doing all of the time.

We need to be teaching employees how to make better decisions - that comes from training. If you want to protect their productivity, protect their time, and protect the company's bottom line, it requires a communication strategy, a streamlined policy, and trainings that your people understand.

We can help develop these policies and trainings by coming into your business, understanding the relationship you have with your existing IT resource and staff today - and enhancing it to truly protect your organization from cybercrime activity like ransomware.
