An estimated $5.7 million was lost by small to medium size businesses in one year as a result of downtime from ransomware attacks. The ransom requested by attackers isn’t always the most damaging part of the attack, it’s the amount of time lost to conduct business. Let’s take a look at the leading causes of ransomware attacks and how you can protect yourself from them.
1. Phishing emails:
Although Canadian Anti-Spam Legislation laws carry penalties up to $10 million, it doesn’t seem to deter hackers as phishing emails are the leading cause of ransomware attacks. If you are unfamiliar with what a phishing email is, you’ve probably received a few and deleted them knowing they were scams. Unfortunately, hackers are getting more clever and luring in more people by sending emails that appear to be from a legitimate company. These emails will usually contain a link that appears to take you to the company’s website to fill in your sensitive information (username, password, credit card numbers etc.) but it’s all a clever rouse to provide your information straight into the hands of the hackers.How to Spot a scam:
Usually phishing emails won’t be addressed to you personally, for example, they would say Dear Customer instead of your name. If a company you have an account with was truly reaching out to you they would know the name of the person they were attempting to contact. The email might also inform you that your account has been locked due to a number of failed login attempts, and provide you with a link to reset your account. If you haven’t tried logging in recently, this is most likely a scam. Double check the link they sent, if it contains grammatical errors, it obviously isn’t from the actual establishment.
If the email doesn’t contain these telltale signs, and you do use the services from the company that apparently sent you the email, use your own link. Don’t follow the link from the email, use the one you have bookmarked or type the company’s name into a search engine to ensure your landing on the correct page. If the information you see on the site is the same that was in the email you can trust that the email is in fact from the correct source. If you are still unsure, call the sending company, they would have a record of your account and if they sent you any sort of email.
2. Lack of Cybersecurity Training:
An alarming amount of employers provide little to no cybersecurity training for their employees, putting their businesses at risk. A common misconception is the employees would know not to open suspicious emails, but if they have never been trained on what a fraudulent email looks like, they would have no idea what not to open.A Simple Solution:
Training! Plain and simple, providing training for your employees on what a malicious email might look like, is a simple way to ensure they are the first line of defence against ransomware attacks. There are even some free online cybersecurity training sites that can help you serve your employees with the necessary skills to protect your business.
3. Malicious Websites/Web Ads:
This kind of attack can occur when an employee clicks on a malicious ad, which might be disguised as a pop-up or text link. When the ad is clicked a harmful script within the ad is executed and will redirect the user to an infected page which would contain an exploit kit. The exploit kit is used to deliver malware to the users computer which could contain anything from a banking trojan to ransomware.
How to Protect Yourself:
Keeping your system and software up to date is key in keeping your business safe. Operating systems are constantly being updated to keep your information safe. As hackers become more intelligent, software companies have to remain one step ahead of them to ensure their customers and their information are safe from attacks. Education is also important, be sure that your staff take the time to understand safe browsing so they are able to identify suspicious content or links. Finally ensure that your anti-virus software is up to date to keep you protected against attacks.
In 2017 96% of small to medium sized Canadian businesses that were attacked were able to fully recover when they had a reliable backup and recovery solution in place. We can help you protect your business implement a data protection strategy that would include offsite storage of your data. With our backup and disaster recovery services we can store your information in our secure data centre providing you with easy offsite data protection. We want to ensure all of our clients are protected. Call today to discuss how we can help you stay protected.