By now you’ve probably heard about “ransomware.” It’s a type of malware that encrypts the data on your hard drive so that you can no longer access it. Once that happens, you’re generally contacted by the criminals who installed the ransomware on your machine, and you’re directed to pay a ransom in order to get the decryption keys or otherwise access your data.
You’ll be instructed to make the payment in a way that’s designed to be untraceable. And even at that point, you can only hope that you’ll actually get the tools for decrypting your data.
Ransomware has become a billion dollar business, according to NBCNews.com, and while ransomware often infects individual computers and laptops, Techtarget.com notes an uptick in late 2018 and early 2019 showing a focus on enterprise-level invasions by digital pirates using ransomware.
How do you guard against ransomware? You need a reliable backup of your critical data, high-quality malware protection on your computer, and you need to consider how you would quickly access your data if an attack or accident made your PC unusable.
Note: If you are the victim of an ransomware attack, the appropriate response is to contact the FBI. If you have a ransomware mitigation strategy already in place, that will enable you to continue critical work, avoid paying the ransom and potentially work with authorities to help them find the criminals behind your attack.
Update and Verify Your Backup Strategy
A good backup is key to surviving a ransomware attack. After all, what’s being “ransomed” is access to your own files that have been encrypted on your computer. If you have access to a full backup of that data, then there’s less to worry about. You may still need a professional to “disinfect” and reformat your PC’s hard drive before you’re able to use the PC again, but if you’ve got access to your data, you should be able to get up and running relatively quickly.
A good backup is also one that you’ve thought through very carefully. You need to ask yourself what critical data you would need access to if your PC was suddenly unusable—whether through an attack or an accident that affected the hardware—and be sure you make incremental backups of that data on a regular basis. Ideally, those backups are both redundant and accessible, and they’re comprised of the files you would need access to immediately.
Other important questions to ask when you’re planning your backup strategy are:
- Are there any holes or gaps in your backup strategy? Are your files only backed up when your laptop is in the office? Do you go days or weeks between backups? If so, you should look into secure cloud-based solutions for real-time backups to supplement backups that take place when you’re in the office or connected to your network.
- Are you backing up the right files? In many cases you may only need the files that are saved in your home folder or document folder on your PC, but in other cases you could have applications saving files in places you don’t expect. For instance, if you have an accounting application that stores its database on your PC, that file may not be in a document folder where you’d expect it. Do an inventory of your drive to see if there are any odd places where important files are being stored, or ask your IT team to do it.
- Are you certain the files are being backed up? What’s your strategy for testing your backups and making sure that you can, in fact, get access to important files if you need them?
In terms of how and when you back up files, we recommend a two-tier strategy. First, it’s always nice to have a “snapshot” backup of your computer that would make a full restore of your PC relatively easy to do.
Second, incremental backups of your critical files are also very important, and they might be the solution that enables you to quickly get back to work with another computer. If you have critical files backed up securely to the cloud, then accessing them even if your computer is out of service should be much easier.
Install and Use Good Antivirus Software—and Antivirus Practices
It’s worth saying that antivirus software isn’t the whole solution for ransomware, in part because new malware is introduced and updated frequently, and ransomware, in particular, often includes some sort of “phishing” strategy, which means something like an email designed to get you to click to a website or fill our a form that would then download and install the malware on your computer.
(In some cases, particularly those aimed at organizations and corporations, a personal “phishing” attack might include criminals calling your co-workers on the phone and attempting to get them to reveal passwords or other information to help bypass network security.)
But good antivirus software is an important step in any ransomware plan. Industry publications such as PC Magazine regularly rate and review antivirus software, including information on if and how they handle ransomware. Choose a high-quality package and keep it up to date, or work with your IT department or managed IT services provider to make sure your computer is as secure as possible.
Along with good antivirus software comes some antivirus education for yourself and your co-workers. Your company needs a plan for training everyone on possible threats to their computers and the network, including behaviors (what to click on vs. what not to click on, what questions to answer over the phone, how to choose and store passwords) that could ultimately compromise the company’s network if you’re not careful.
Save Fewer Critical Files on Your Computer’s Hard Drive
This one is particularly geared to road warriors and laptop users—the fewer critical files you actually store on your laptop, the fewer you have to worry about if your computer is locked or lost. That means saving files securely to the cloud whenever possible, so that they’re stored in a way that’s accessible from anywhere.
For corporate users and those with IT departments or managed IT service providers, another important option is to your a virtual private network, or VPN, to connect to your office’s network, and save your files on that network. A VPN encrypts data sent between your laptop and your office network, making it possible to connect and work securely. If you’re storing those files on your company’s network, you’ll have the added bonus of taking advantage of the company’s backup plan and being able to access those files again even if your laptop is compromised.
Work With Experts
For many small and medium-sized companies, a full-time IT person or department isn’t realistic. In those cases, it’s important to consider hiring consultants to regularly check the integrity of your network and your antivirus systems, or to consider bringing on a managed services provider, who can set up you network, your security, your backup plans and manage implementation across your PCs and other devices.
With all the external threats to your data—not to mention the possibility or employee errors and accidents—having a strong partner to help you manage, maintain and secure your data is a great idea.
Along with our Voice over IP and fiber Internet services, Fuse.Cloud offers managed IT services for our customers—available at a low cost-per-workstation price, and with excellent features. If you’d like us to take a look at your current network and help you figure out if managed IT services could improve your productivity and peace of mind, give us a call today!