You’re Still Not too Small

by

A Ransomware attack on your small business might not cause oil and gas shortages over a wide swath of the country, but rest assured cyber criminals want to exploit the files and data you have worked so hard to develop and maintain for their own profit.

In fact, reported Homeland Security Secretary Alejandro Mayorkas on May 13, small businesses now account for 50 percent to 75 percent of Ransomware attacks.

Ransomware attacks increased 300 percent in the past year as Ransomware gangs extorted and blackmailed $350 million from businesses through encryption of their data and then stealing that data and threatening to expose it to the public.

The plague has become particularly acute in industries that rely on their data to operate and are considered to be “one-stop shopping” for most if not all of the data hackers need to commit a wide variety of crimes ranging from financial to medical fraud.

Think data-intensive companies like accountants, law firms, and healthcare practices. If you run a small business in those industries, you should:

  • Layer multiple defenses on your network including anti-virus, firewalls, third-party threat hunters
  • Provide Cyber Security Awareness Training to you and your employees
  • Obtain cyber insurance to cover potential damages.

Understand that criminals don’t need to be computer geniuses or even know how to write a virus to commit their crimes. Dark Side, the group believed behind the Colonial Pipeline attack, sells Ransomware as a Service to make the job easier for other criminals. That makes for a lot of potential criminals and a lot of potential victims.

If you need help fortifying defenses or Cyber Security Awareness Training for you and your employees, call 302-537-4198 or email me personally at ericm@flexitechs.com.

Test Your Backups Regularly

by

Most businesses back up their data frequently. Some even back up to multiple locations in the event of a fire, hard drive failure, natural disaster, or theft.

But few realize the cyber security implications of TESTING your backups to ensure they work if you need to recover critical files or data after a Ransomware attack.

Backups fail anywhere between 5% to 25% of the time depending on the backup service used according to the research firm Gartner. Backups fail either in the backup process or in the recovery process.

If you have a Managed IT Services Provider, your backups should not only be monitored for failures but also tested regularly to ensure that files restore successfully when needed. The last thing you want is to end up in negotiations with the hackers after learning your backups won’t restore your files.

If testing your backups was not discussed when you signed up for an automated backup plan, or you simply don’t know if they are tested, ask your backup provider or backup software company if they are and if not, how to do this.

Backups should be tested on a regular schedule like this:

  • At least once a month, pick a random backup version date and restore a handful of files to see if they restore successfully (be careful not to restore over the current version of those files)
  • At least once a quarter, perform a deeper restore operation of numerous files from different backup dates, again being careful not to overwrite the current versions of your files
  • At least once a quarter, check all files in the most recent backup to be sure that you are backing up all files that you would need to restore
  • On a daily basis monitor your backups for failures. Any good backup software will let you know whether the backup succeeded or failed with an email or within the software itself
  • If you see errors at any stage of the backup or restore processes, resolve those issues or have your IT or backup service resolve them for you.

Keep in mind that if your data is critical to the operation of your business, you should perform the steps above more frequently to minimize the risk of partial or complete data loss when you need to restore from your backups.

For help implementing a backup testing program or an automated backup program if you don’t have one, call 302-537-4198 or email me personally at ericm@flexitechs.com.