Thanksgiving is right around the corner and there’s never been a more important time to shore up your mission-critical infrastructure and protect your business. A recent study predicts ransomware hackers are likely to hit over the next six weeks – between Thanksgiving and New Year’s – and that some companies and consumers are not prepared to respond and stop the attacks. Cybereason, a Boston-based cyber analytics company, shared the findings from more than 1,000 companies that have already been victims of ransomware. According to the survey results, nearly 9 out of 10 people are worried about holiday cyberattacks, but only 1 in 4 don’t have plans in place to be able to respond quickly. Additionally, 7 out of 10 individuals have been on vacation or off for the weekend when the attacks have occurred. Even worse, some have admitted to being drunk when falling for ransomware attacks!
Ransomware Attacks Explained
Ransomware is a type of malicious software that encrypts a victim’s data, rendering it inaccessible to the victim. It is generally distributed through email phishing, malvertising (malicious advertising), social engineering, and exploit kits. After ransomware is distributed, it encrypts selected files and notifies the victim of the required payment.
Payment can range from a few hundred dollars to a few million, and once the ransom is paid, the attacker sends a decryption key to restore access to the victim’s data. Typically, payment is demanded in the form of a cryptocurrency, such as Bitcoin.
How does a ransomware attack begin?
The first step in any ransomware attack involves the cybercriminal gaining access to your computer. From there, it’s simple for them to gain the permissions they need to install the ransomware.
After it’s quietly installed, the ransomware springs into action, encrypting valuable files so they can’t be accessed by anyone other than the hacker. After that, the hacker will usually get in touch to let you know what they’ve done and set the ransom amount they want in exchange for restoring access to your files.
How do hackers initially gain access to your computer?
There are many different ways for hackers to access your system. The two most common are:
- Phishing emails that look legitimate but contain malicious attachments
- Poisoned websites, which also look legitimate but direct you to a malicious page
Some of the most spoofed brands include Apple, Amazon, and Microsoft – brands that most of us get messages from regularly and trust implicitly.
Anti-ransomware technology plays a key role in stopping malicious attachments or webpages from gaining access to your entire system. However, it’s equally important to educate yourself and your staff, so they can be on the lookout for phishing emails or malicious links and web pages that come their way.
The Holiday Surge
Black Friday and Cyber Monday are two of the biggest shopping days of the year and, thanks to lingering COVID concerns, more people are shopping online even on Black Friday. An uptick in online activity means more opportunities for hackers to exploit IT weaknesses in your business.
Last year, online holiday shopping sales reached over $188 million during this time, so preparing for the onslaught of holiday activity is critical. Website crashes due to increased traffic, shipping errors, and security breaches can all negatively impact your business and your customers, with security breaches being potentially the most devastating.
An Ounce of Prevention
Benjamin Franklin could not have foreseen cyberattacks, but he was right when he said, “an ounce of prevention is worth a pound of cure.” The potential downside of a cyberattack goes beyond lost data and dollars; it affects your overall brand reputation and customer loyalty, which will have long-term ramifications. It’s better to spend time now shoring up your infrastructure to prevent potential attacks.
You need to safeguard your business data and customers’ personal information via a multilayered cybersecurity plan that protects your systems, detects threats, defends against attacks, and eliminates breaches through incident response. Maintain frequent backups so that, in the event of an attack, your business can minimize damage and recover operations quickly.
A robust plan to protect yourself and your company from ransomware should take a multi-pronged approach that includes the following:
A VPN
Protect employees’ connections first. Require employees to log onto government networks via a VPN or by using virtual desktop infrastructure. This allows those with an approved endpoint (usually a computer) and a network connection to have secure access to the applications and data on a desktop. Mobile hotspots, which run on a cellular connection, also allow users to connect to the internet more securely.
Multifactor Authentication
Once connections are as secure as possible, it’s important to implement a cybersecurity education program. All individuals who work for a government agency should be using multi-factor authentication (MFA) as much as possible to protect their accounts. If there’s an MFA option, each employee should be required to use it. If they don’t know how, it’s important to provide education to demonstrate how to implement this important security safeguard.
Employee Education
When companies fail to educate their employees on the importance of implementing cybersecurity measures, they open up the possibility of attacks on critical city infrastructure and constituent data.
Employees should receive training on updating passwords and firewalls. Through cyber education, employees can recognize the difference between a secure email and an attempt at phishing.
Patch Management
Every employee must download updates and other software patches on their computers and devices as soon as they become available. These updates help fix holes that cybercriminals try to exploit. Patch management should be a top priority.
A Comprehensive Cybersecurity Plan
As soon as possible, it should be decided who will be responsible for developing, implementing, and enforcing the agency’s cybersecurity policy. That individual should spearhead the effort to define cybersecurity goals, plans, and procedures. There should be a procedure for educating new employees on the agency’s policies, including always updating. Lastly, consistently communicate new or changing cybersecurity policies to employees.
The Grapevine Advantage
Plan for unexpected issues and take preventative measures now, before the online shopping season frenzy begins. We want you to be able to focus your effort and energy on growing your business and supporting your clients — not stressing about potential threats to your infrastructure.
When you partner with Grapevine MSP, you can feel confident that your electronic assets are optimized, maintained, and protected. Ensuring your business’s technology runs smoothly is our top priority.