Two of the simplest and cheapest ways to protect your company from a ransomware attack are Multifactor Authentication and a fresh backup.
Back up everything! You are not invulnerable. Catastrophic
data loss can happen to you – one worm or Trojan
is all it takes. – Kevin Mitnick
Just because the data is in the Cloud does not mean it’s backed up.
Do you have a backup of all your precious data? I’m sure you think you do, but when was the last time you made sure your data was actually backed up and safe? Don’t assume because your data is in the Cloud that it is backed up. Definitely don’t say it is if your IT says so but never shows anything to prove it. Your data is the lifeblood of your company. If you lose your data, you are out of business, which is why backups are so critical in protecting you from a Ransomware infection. Imagine your Office 365 account has been hacked with Ransomcloud (Ransomware for the Cloud). All of your emails are now inaccessible and both your email and your other files are encrypted. How would you recover from that? Yes, cloud providers keep copies of deleted files if you ever need to recover one, but all of your files and all your email at the same time? That’s a whole different story. Not having a backup in place means data loss and a lot of recovery pain to salvage what you can. Or, you’ll have to pay the ransom. Same situation with your onsite data. Protect yourself with pristine backups—you’ll thank yourself later when you really need them.
Ransomware is unique among cybercrime because in order
for the attack to be successful, it requires the victim to
become a willing accomplice after the fact
― James Scott
Multi-Factor Authentication (MFA): The Annoying Step That Can Save Your Bacon
Do I really need to have MFA (Multi-Factor Authentication)? Sure, it’s a pain to have to enter a random code every time you log in. Sadly, this is the state of the world we live in. So, yes you should be using MFA for any system containing data you care about. This includes mundane things like Office 365 that get overlooked (see above). It’s pretty easy to set up and; it’s not that disruptive given the layer of protection against ransomware and hackers it offers for the effort. I have a quick client story to prove it.
The Luck of the Irish: Adding MFA Just In Time
We have a client that had been dragging its feet to turn on MFA for their Office 365 accounts. They understood that MFA was something they should do, but felt it was unneeded because their emails were not appealing to a hacker and did not want the second-step inconvenience. They finally acquiesced. We turned MFA on and rolled it out to the users without a hiccup or exorbitant complaint. It was not as dramatic an event as they had feared. So far so good. Then, about a week later, a few key employees started receiving texts from Microsoft requiring their MFA codes to log in. Our client’s users were confused. They couldn’t understand why Microsoft was requesting MFA codes from their users who weren’t logging in? Unbeknownst to our clients, some hackers had been trying to access those unappealing email accounts mentioned above. The hackers never successfully logged in. The new MFA layer brought the hack into the open and protected our client’s emails. With MFA in place, hacking the email is MUCH more difficult and as hackers do, they will move on to a victim who is less diligent.
Don’t be a Ransomware Victim
DOWNLOAD our Ransomware Best Practices Checklist and take the simple steps to protect your data, keep your employees productive, and keep your enterprise up and running. The more cybersecurity protection layers you have in place, the harder a target you are, and the chances of being hacked are much lower since it will take too much effort.