“It took me 26 hours of work… without sleep… to get the network back online. Not fun…” says Richard Mash of Network Partners. In his most recent encounter with hackers Mr. Mash was helping his client, a local small business, after the hackers stole and encrypted the client’s information, demanding a ransom.
Mr. Mash continues “The client’s network became infected with a really nasty virus called CryptoLocker. The virus was sent to them in an email with an attachment that was supposedly a resume from a job applicant. Not surprisingly, someone in the HR department opened the attachment and within minutes the network was infected with a virus and all their critical data files were encrypted… The authors of the virus demanded a significant amount of money in return for decrypting the files, effectively holding the company to ransom. Luckily, we had good backups of all their data and we were able to recover everything without paying the ransom request. The important thing to note is this company had 3 different levels of anti-virus protection, all of which allowed the virus to penetrate the network.
I’m sure all of you are aware that computer viruses can be spread by email. Even though many of us maintain excellent anti-virus products on our networks to help protect our data from viruses, these programs are not 100% foolproof. We also need help from our employees to keep important data safe.”
Mr. Mash shared some very helpful tips with ABEX to help us protect our network so we don’t encounter a similar problem. We thought these tips would be worth sharing with you so that you can protect your network from viruses. The most important thing is to be vigilant about emails that you receive:
- NEVER open an attachment in an email that comes from someone you do not know or do not trust.
- A simple rule of thumb: NEVER click on a link in an e-mail and avoid opening attachments if at all possible (Especially ZIP archives). And, if a link must be clicked on in an e-mail, hover the mouse cursor over the link to see where it leads to. If it looks suspicious please ask!
- These emails may seem to come from companies that you trust, like Canada Post or UPS. If you are not expecting a “delivery notification” from a courier, then don’t open it.
- Banks or Credit Unions will not send you unsolicited emails with attachments… ever. Just delete them.
How can businesses protect themselves?
To manage and minimize the potential damage from a cyber attack, companies should employ a comprehensive cyber risk management strategy that along with a cyber insurance also includes appropriate loss control techniques, an assessment of company’s networks vulnerabilities, and employee security awareness training.
Businesses should make sure that their cyber insurance policy coveres costs in case the company is unable to access its computer system, the system is infected by a virus, confidential information is compromised, or its brand and reputation is tarnished by posts on social media. In addition, the policy should cover the cost of independent computer security consultant to assess any threats, prevent immediate threats, offer reward to prevent perpetrators of the threat and reimbursement of any ransom the company is required to pay in the event above measures fail to mitigate the threat against them.
Please contact ABEX today for more information on our cyber risk management process.