News in again this week that a big local company has been successfully targeted by cyber criminals. Steelite International were subjected to a ransomware attack where their payroll server data was encrypted meaning they could not process weekly payroll.
Everyone talks about this being a high tech targeted attack but the reality is that it usually isn’t. Ransomware-as-a-service is available for a few dollars on the dark web. Typically, criminals will send in a plausible email which is opened by an unsuspecting employee. The email will contain malicious code that attempts to connect to the internet to download encryption software. This software sits on the PC looking for network data and then encrypts it. Once the data is encrypted, a ransom message is displayed. The data isn’t stolen but your access to it is denied.
The question is, how does a seemingly well-resourced corporate like Steelite get caught out?
There is now magic bullet I'm afraid - you need a multi layered approach to IT security risk. There are a few things you can do to avoid being caught out.
- Use a good email security product that will stop many of these email threats before they hit your email system
- Develop a security aware culture in your business - think before you click
- Give data access only to those employees that need it - lock down your data
- Secure the edge - a licenced next gen firewall will detect and prevent suspicious activity and block malicious downloads
- Have a robust backup and recovery position as this will be your "get out of jail" card secure the backup data locations so they are not visible to users so these can’t be encrypted.
We have a suite of managed services that can help with all of this. Call us now for a free chat - it could save your bacon.