I imagine that you do quite a lot already to comply with data security for your business — and health records if you have a medical practice. But did you hear about the hospital in California that was crippled by a ransomware attack? (FYI articles: 1, 2.)
I keep hearing about this more frequently, mostly from small businesses.
Why worry?
Imagine you were locked out of everything. Project files. Quickbooks/billing records. Contacts. Customer data.
Some anonymous troublemaker is demanding some ridiculous amount of stupid bitcoins by a deadline, or all your data will be permanently unretrievable. Think about that for a moment: you can’t work or do your billing, payroll, etc. Wow.
Do you pay? It hurts to give in to a ransom demand for your data. And what the hell is bitcoin, and where do you get it, you wonder? Plus there is the doubt about whether you will regain access after paying the demand.
Do you ignore it? Cobbling together records and old backups may still leave gaps.
Either way, there’s an enormous drain on your time to deal with the attack, recover, wipe your computers to try to prevent another infection, etc. You’re looking at days, possibly weeks, to recover.
How to prepare for a ransomware attack
Disclaimer: I’m not an IT security expert. What I’m outlining here are reasonable steps any business owner should consider taking to protect their assets and customers.
Prevention
First of all, minimize the risk of human error, which can often allow malware to gain access to a computer. From there it can spread to infect other connected computers and your entire network.
- Restrict access to computers — password protect stations when away.
- Passwords — they must be strong, unique, and absolutely no sharing!
- Restrict access to data on a need-to-know basis.
- Regularly update your operating system, firmware, software patches, etc.
- Don’t run your computers as administrators. All users should have restricted permissions so they can’t intentionally/unintentionally install software.
- Use a reputable email service that filters out suspicious file attachments before they reach the inbox.
- Network firewall — there are hardware and software solutions, and lots of ways to configure them for your specific needs. Seek out an IT security pro to help you protect and back up your network.
- Password protect your wi-fi and use the strongest settings.
- Adopt a redundant backup methodology. For example, every computer should back up daily to an external hard drive. Content on your network drive(s) should be backed up daily (or more frequently) to internal or offsite storage. Keep older copies in case the more recent ones aren’t “clean.” Also keep in mind that while cloud backups are convenient, they may take a long time to restore from. There are many sources online to help you learn and identify what might make sense for you.
- Limit the devices (e.g., smartphones, tablets) that can access your critical data, and be sure to protect them with a password/PIN/biometric challenge.
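The "keep older copies" advice in the backup item above, as an added example that is not part of the original post: a retention rule that keeps daily, weekly and monthly generations, plus a check for the newest copy taken before a suspected infection date. The function names, tier sizes and dates are assumptions constructed for illustration.

```python
from datetime import date, timedelta

def _newest_per_bucket(dates_desc, bucket_key, limit):
    """Walk newest-to-oldest, keeping the newest backup in each bucket."""
    kept, seen = [], set()
    for d in dates_desc:
        if len(kept) >= limit:
            break
        key = bucket_key(d)
        if key not in seen:
            seen.add(key)
            kept.append(d)
    return kept

def backups_to_keep(backup_dates, daily=7, weekly=4, monthly=6):
    """Return the set of backup dates to retain; the rest can be pruned."""
    dates_desc = sorted(set(backup_dates), reverse=True)
    iso_week = lambda d: tuple(d.isocalendar())[:2]      # (ISO year, ISO week)
    keep = set(_newest_per_bucket(dates_desc, lambda d: d, daily))
    keep |= set(_newest_per_bucket(dates_desc, iso_week, weekly))
    keep |= set(_newest_per_bucket(dates_desc, lambda d: (d.year, d.month), monthly))
    return keep

def newest_clean_backup(kept, infected_since):
    """Newest retained backup taken strictly before the suspected infection date."""
    clean = [d for d in kept if d < infected_since]
    return max(clean) if clean else None

# Constructed sample: one backup per day for 120 days, ending 2024-06-30.
TODAY = date(2024, 6, 30)
SAMPLE_BACKUPS = [TODAY - timedelta(days=i) for i in range(120)]
INFECTED_SINCE = date(2024, 6, 5)  # constructed: malware went unnoticed for weeks

if __name__ == "__main__":
    daily_only = backups_to_keep(SAMPLE_BACKUPS, daily=7, weekly=0, monthly=0)
    tiered = backups_to_keep(SAMPLE_BACKUPS)
    print("daily-only restore point:", newest_clean_backup(daily_only, INFECTED_SINCE))
    print("tiered restore point:    ", newest_clean_backup(tiered, INFECTED_SINCE))
    print("copies retained (tiered):", len(tiered))
```

With only the last seven daily copies, every retained backup postdates the infection; the tiered rule still holds a month-end copy from before it.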
Detection
- Antivirus software — this is a sore point with me. It always slows a computer down, and occasionally identifies false positives. On the other hand, it can help protect your network from less tech-savvy staff who occasionally make careless mistakes.
- Security audits — talk to your IT person about that.
- Watch for clues. Does a computer act oddly? Does the CPU activity seem suspicious?
Education/Enforcement
As I said earlier, human error is often what makes you vulnerable. Educate your staff and remind them regularly. Sloppy behavior is a business risk.
Have a plan to deal with an emergency in case something happens. That should include how to communicate with your employees, customers and vendors.
Don’t forget your website can be vulnerable too!
Many business owners have a “set it and forget it” attitude about their websites. Don’t ignore that malware exploits can compromise your website, infect visitors and get your links removed from the search engine results. Have a knowledgeable person check that out for you.
Ongoing vigilance
After all this has been done and is operating, be sure to periodically review your internal IT security, backup, and recovery procedures.
I hope this is helpful. Please add your suggestions in the comments below. Thank you.
-Roland