This week, ransomware rocked a company in North Florida.
Imagine your website, email, cloud storage solutions … gone. Kaput.
You call and get a message saying: “We are down, and we don’t know when we will be back up.”
Usually, this type of encryption threat (like the popular CryptoLocker) comes in disguised as a friendly email from your financial or shipping partner.
Then, BLAMMO!
One click and your files are toast; all encrypted.
Opening email has become a high-stakes game of “Press Your Luck” (the greatest game show ever), and this kind of attack usually does not happen to the tech companies themselves.
That’s what makes this such a frightening development.
In the situation of the Tallahassee company, what they did after the fact is the worst thing you can do.
According to the Tallahassee Democrat, they paid the ransom.
Just like negotiating with terrorists, never pay the ransom.
Why? Because it only encourages them to do this to more people. What’s worse, they may or may not give you the encryption keys to get back up and running.
So, why did they pay? Usually when someone pays it means they have no backup and no other way to get back in business.
It is not the first time Network Tallahassee has made the news; it would appear one of their execs is already in jail. You can read about that here if you like.
With all that, what can your company do to prepare?
First, have a bundled arsenal of cyber protection tools, including a security system with features such as GEO IP filtering to block non-USA IP addresses.
That step alone will minimize the risk of becoming a victim, as most cybercrimes aren’t from around these parts (China usually holds the No. 1 spot).
Then, keep your anti-virus and anti-spam tools current. Use modern, patched and updated operating systems, keep passwords complex and go through cybersecurity training.
And if all else fails, have redundant quality backups.
Entire cities (see Jupiter, Miami, etc.) have been shut down by cybercrime, and social media accounts get hacked all the time because of poor password management (see Tampa Mayor).
Don’t let this happen to you.
The threat landscape gets more devious in 2019; the days of mass spam embedded with malicious code are winding down.
More likely, you will see emails addressed to you, referencing things you are actually working on.
This is called “social engineering.” One major downside of working in The Process (or some other high-profile field) is that your name, contact info, etc. are easy to find.
So, buckle up, tighten up and consider some phishing email testing to see which team members might be vulnerable to clicking on cyberthreats.
I have personally done this with a lot of organizations; the results are always interesting — and helpful.
Stay safe out there.
___
Blake Dowling is CEO of Aegis Business Technologies.