Managing Cybercrime: Tips for Business Leaders
Businesses – of any size – are targets of cyberattacks. Whether you have 6 or 600 employees, your vital business data and your day-to-day operations are at risk.
More than 100,000 computers were hijacked in May by cyber pirates who demanded payment of individuals and businesses of all sizes. Much of the United States fortunately weren’t affected by these attacks, in large part because of the discovery and activation of a “kill switch” by cyber experts. A similar scenario played out in June when a cyberattack paralyzed many companies, particularly in Europe. But, we expect that there will be renewed attacks as the criminals adjust their software.
What can I do now to reduce the risk of attack?
Update your systems.
Most of the recent attacks exploit flaws that were identified months ago, and for which patches were available. Microsoft, for example, issues updates every week. The criminals take advantage of the reluctance to install the most recent versions because it takes time, and sometimes makes systems slower. Moreover, because there are always some bugs in updates, we have gotten used to waiting to install the updates. But, these updates are the critical first line of defense.
Trust No Emails.
Any email account or computer can be compromised and attachments can appear to come from trusted friends, colleagues, banks or government agencies. Indeed, cyber thieves work very hard to distribute fake messages and setup false websites, linked-in and Facebook profiles that look like the real thing. It only takes one person to click on the attachment to infect your entire network. Pick up the phone and call (don’t use the number conveniently located within the email; look it up). Ask if the person sent you the attachment before you open it.
Make and Separately Store a Backup.
When victims can readily wipe and restore computers from backup drives, they are far less likely to pay ransom. The criminals know this, and, so, the malware used in a cyber lock attack begin by disabling any backup drives that are attached to the network. They take advantage that it is less convenient to manually attach a hard drive, make a backup copy, and then remove the drive from the network. But a separate backup system – either physically removed from the network, or located elsewhere on the cloud provides you with option to paying ransom.
When in doubt, disconnect.
If you discover a problem or fear you have clicked on something you shouldn’t, disconnect the computer immediately from the internet and all network connections (including home Wi-Fi). Some of the malware are designed like time bombs, and will explore a while before demanding a ransom. Your IT professionals have access to software to identify and decrypt the computer. Individuals can look to online resources such as the Crypto Sheriff at www.nomoreransom.org from an uninfected computer.
Having a cybersecurity prevention and response plan is an important tool for all businesses. Even before your systems are hacked and confidential data is compromised, you must be ready to respond in a proactive manner that will result in the least amount of downtime to your operations and damage to your business and your reputation.
Seltzer Caplan McMahon Vitek’s new Cyber Planning & Response Practice Group can assist businesses in planning and implementing cyber-related policies, in a privileged environment, to address the risk and exposure to both foreign and domestic criminal enterprises.
The SCMV team can also help you with evaluating cyber insurance policies, provide incident response services if you are the victim of an attack and assist with the numerous legal obligations that result from a cyberattack.
For more information about our new Cyber Planning & Response Practice Group and how we are assisting businesses, please contact Practice Group Leader Dennis Wickham at 619.685.3135 or firstname.lastname@example.org.