Ransmware, Crypto Virus and educating your users

Ransomware, so you think it’s a joke?

“Never before have so few, stole so much, from so many that the many fail to see a problem!”

Ransmware, Crypto Virus and educating your users

Ransomware, Crypto Virus and educating your users

I got a phone call from a mate the other day wanting some advice.

My mate is attached to a not for profit organisation that has a number of self-managed branches all over Australia.

His question was “what do you know about ransomware?”   

My immediate response to that was “why, it hasn’t happened to you, has it?”

It turns out that one of the branches of his NFP organisation had been targeted through a phishing email and one of the volunteers had opened it.   Not realising what they had done, it had also been left to encrypt over the weekend.   ALL of their data was now encrypted.

My first response – restore from backup, clean the virus or better still rebuild the infected computer, and educate the users.   In that order!

I knew a forensic investigation was not going to tell us much!

But, wait there is more!

No we did not have end point protection installed on any computers or servers and when the incumbent IT Company (WTF) looked at the backup, they had not had a successful backup since 3 1/2 weeks prior.

The incumbent and external IT Company had not been seen on site in more than 12 months.    There was no reporting, no management and no proactivity.

All they had was a help desk and when that was needed it all turned to crud.

This scenario happens every minute of every day.

Often, we do not see the problems that the digital world creates, so like the ostrich, we hide from the repercussions in the hope that it will not happen to us.

This really is a bad attitude, both as an individual, but more importantly as an organisation.

No one is immune, there is no vaccine, everyone can be targeted and more importantly, being attached to the internet, everyone is.

The criminals are persistent, uncaring and, although we do not give them credit, most importantly clever.   They patiently wait for anyone and everyone to make a mistake and they capitalise on that mistake.

Just think of this – if we had no important data worth stealing (or encrypting) then ransomware would not be a 5 billion dollar industry.

The most important things to do – personally and as a business:

  • Trust no one
  • Be paranoid
  • Use common sense
  • Have a tested backup
  • Use antivirus
  • Get a decent firewall
  • Patch it all
  • Education
  • Audit and report

Try this little experiment – how long can you use a new computer before you realise that you need access to some old information.   If it’s not very long then you need to protect yourself from ransomware.

In addition I sent them this link – to see how mature their organisation is and it was completed by the IT person and they got a 1.7.   If it was at this maturity level, they would not have had the significant problem that they had.

I guarantee that if it was completed by management or a member of the board they would have got below 0.5.

Try it and see! http://business-security.com.au/go/audit/

Roger Smith is the CEO of R & I ICT Consulting Services, Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity), Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and the SME Digital Security Framework.   Rapid Restart Appliance Creator.   He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world. 

Why do i need a Managed Security provider?

Why assumptions in business security are bad for your business

There is an old adage that has stuck with me since my early Navy days, never assume, because it makes an ass out of you and me.

Why do i need a Managed Security provider?

Why do i need a Managed Security provider?

When it comes to business security, assumption is a really bad place to be.    It happens all of the time!   We are assuming that the bad guys are only as clever or dumb as the person who puts the security together.
We have seen, heard, read and demonstrated that this is not the case.    The criminals who use the digital world to perpetrate their crimes are neither stupid nor dumb.   In most cases, especial in the true criminal environments, they can be exceedingly clever in their chosen field.
Their chosen field is using technology to separate you from your money, your trade secrets or your technology.
They are very good at it.
Why is it
In most business environments, small, medium, large or not for profit, the ICT department / person / person who knows computers is full on keeping systems working.   They are firefighting, troubleshooting and just keeping their noses above the level of crud that is the job.
The do not have time to implement stringent security measures so they revert to ‘easy wins’.
A firewall, maybe an acceptable use policy, anti virus and updates.   Anything that they can implement in a couple of hours and tick the box that says they are now secure – usual because the sales person said so.
In today’s rarefied cybercrime environment this is no longer enough.
It is not their fault, there are not enough hours in the working day to implement most of the strategies for a secure business environment.
This is where an external cybersecurity contractor comes into it.   A contractor who will augment your system, make it more secure, test it and deliver outcomes that, although expected, never usually eventuate inside the business.
Like everything else in today’s world finding the right one, one that is not going to rip you off, one who knows there stuff and one who uses or has developed a framework for security is very hard to find.