Ransomware is here to ruin your day, your week, your year, your company.

What if you came into your office and saw this message on your computer screen:

“We have locked you out of your computer. We have encrypted all of your data. If your company does not want to cooperate with us, we will give them 24 hours to change its decision. If you do not cooperate with us, we will leak your entire database, these are personal data of customers and employees, as well as financial documents. Also, your website is currently under DDoS Attack, we will attack it until you contact us. We still have many ideas on how to make problems for the company and your clients. Think about the company’s reputation. We have approximately  ~44 GB of company information including confidential documents, personal data of customers and employees, as well as financial documents, they will be available here soon (:”

You attempt to log in to your computer but to no avail. You’re locked out, and this is the only thing you see on your screen. 

Every day this is happening all across the United States, to companies large and small. This is a multi-billion dollar business, one of the fastest-growing in the world, and now you’ve become a customer. This is what a ransomware attack looks like, and if you see this screen, it’s probably too late. But, you say, we have the Fort Knox of internet security in place, this can’t happen to us. And yet ONE. SINGLE. CLICK. from your lowest level employee could blow the front door wide open, flying right past most defenses.

If you’re one of the many who have experienced this, you know exactly how devastating and helpless it can be. If you’re one of the few who have recovered from it, congratulations, most do not, or they suffer massive data and/or financial losses, not to mention the reputational harm of having to notify all of your clients or patients that they’re personal information has been exposed. 

Being prepared for a ransomware attack is possible, practical, and should be your top cyber priority for 2021. I’m still amazed at how few companies are taking this existential threat seriously. Frankly, it’s foolish not to prepare yourself. Here are 3 steps you can take right now to harden your defenses and be better prepared WHEN you are in the crosshairs. 

First, create a smarter email policy. The overwhelming number of successful attacks are still being triggered by email phishing campaigns. Regular, by that we mean weekly, fake phishing attacks, security reminders, and training courses should be routine for your staff. First and foremost – harden your staff – they are the weakest link. Second, lock down your email system. Do all of the free configuration changes you can make to harden your email system (there are too many to go into here, but call us for help or details). 
Second, make sure you have solid backups that are being routinely tested for viability. Most ransomware variants will seek and destroy known backup file extensions. If you don’t have a solution that automatically takes current backups off-line and therefore inaccessible to roving ransomware, you need to invest in one that does. 
Third, invest in the latest generation of endpoint protection software designed to thwart the behavior of ransomware before it gets going. We’ve been impressed lately by the new endpoint protection offerings from Sonicwall. Known more for their firewalls, their latest generation of software products that don’t require their hardware is worth considering. 

If you aren’t taking your cyber defenses seriously, it’s no longer a question of whether or not you will regret it, but when. 2020 saw an absolute explosion of cyber-attacks, and the pace has continued into 2021. These attacks have become sophisticated and tricky, and they’re still getting better. Please help to stop it.

Several years ago we got into HIPAA compliance to help our clients protect their patient’s records. Today, HIPAA compliance is still vital, but our mission of protecting patient records goes well beyond meeting HIPAA’s requirements. If you take protecting your patient records as seriously as we do, call us to learn how our cost-effective solutions are making companies more HIPAA compliant and more cyber-secure.

If you think they’re after you, maybe you aren’t paranoid. Maybe they are. Share less! Click smart.

 


If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.


For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.

The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for weekly HIPAA Security Reminder to help stay compliant.