Ransomware Virus

By Dan Gospe

According to a study from Intermedia, when dealing with Ransomware viruses, paying the ransom may be cheaper than the downtime it causes.

From the study, 72% of infected businesses had no access to data for greater than 2 days, and almost a third of infections resulted in 5 days or more of lost production.  A business continuity and disaster recovery plan is essential to reducing downtime in an infection, and the cost of securing your network to avoid ransomware altogether is cheap in comparison, with many measures you can take yourself, for no cost.

Ransomware is Becoming More Common

The Intermedia Survey states that 48 percent of businesses saw an increase in ransomware viruses so far in 2016, and the number is expected to continue to increase as the viruses continue to develop.  For criminals, ransomware is an attractive method for making easy money, which is increasingly difficult to track by authorities.

Are You Low-Hanging Fruit for Ransomware Viruses?

Many dentists don’t realize just how easily their systems can be breached, and many of the methods for blocking the virus can be done for little-to-no cost.  A little legwork each month can keep you protected, and automation tools are available to ensure that your network is always as secure as it can possibly be.

Here are some things that you should consider when you are protecting your vital data:

1. Business-Class Antivirus

This one is obvious, but many people don’t know whether the antivirus they’ve chosen is really any good at thwarting attacks.  Good antivirus software will have more than just virus definitions – it should also be monitoring the Windows Encryption Service for any activity whatsoever.  The Encryption Service is built into Windows, and because it is a legitimate part of the operating system, its use doesn’t necessarily trigger any alert on the computer.  Your antivirus should be monitoring this service and ensuring that it is only used when strictly permitted by the administrator of the computers.

A good business-class antivirus should also have in-depth reporting – if you do get a virus, you’ll want to know where it came from.  Did it come from a malicious advertisement on some URL on the internet, did someone click an email link, or did someone enable macros in Microsoft Word?  Knowing this helps you find any overlooked security holes once virus activity is discovered.

Not all malicious advertisements are buried on the sketchy parts of the Web.  In 2014, Match, Yahoo, and others were infecting visitors via malicious advertising that these companies knew nothing about.

2. Keeping Flash, Java, and Windows Up-To-Date

Less obvious is the need to update Flash and Java specifically, as well as the other commonly used programs found on most computers.  Viruses are deployed using something called Exploit Kits, which probe a computer for a number of known vulnerabilities and use whichever one succeeds to install the virus.  With exploit kits, it’s important not to just cover “most” of your security holes, but to cover all of them.

3. Using a Domain Network with a Windows Server

In a Domain Network, a Windows Server manages all communication on the network, and allows for securely sharing specific data with specific users.  Much more common, however, is a “peer-to-peer” network, which opens up all kinds of doors for infection.  In peer-to-peer networks, individual PCs have the power to laterally infect other PCs, or encrypt their data remotely.

If you have a Windows Server, it’s not necessarily true that it’s set up in a secure Domain environment.  However, where security is concerned, a Domain configuration locks down the network by not only managing all intra-office data communication, but by logging each and every individual action on the network so that if any nefarious activity is attempted, it can be stopped at the source – or disallowed to begin with.

4. Disabling Macros on Microsoft Word WITHOUT notification

In Microsoft Word, the default for macros is to “disable with notification”.  The problem here is that the user will be greeted with a window saying “This document has macros, would you like to enable them?” or something to that effect.  Many times the user will say “Yes” because they believe the document is legitimate.  However, once you enable macros, it’s over.  If you disable WITHOUT notification, then the user has no choice and cannot enable them for the infected document.
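The setting above can be audited and enforced from PowerShell rather than clicked through on every PC.  The script below is an added example, not code from the original article or from dmi Networking; it assumes Office 2016 (registry version key 16.0) and writes the per-user Office policy key, so adjust the version for other releases.

```powershell
# Added example (not from the original article): audit, and optionally enforce, the
# Word macro setting the article recommends, via the per-user Office policy key.
# Assumptions: Office 2016 (version key "16.0") and the current user's hive.
param(
    [string]$OfficeVersion = '16.0',
    [switch]$Enforce
)

# VBAWarnings values used by the Office "VBA Macro Notification Settings" policy
$MacroSettings = @{
    1 = 'Enable all macros (dangerous)'
    2 = 'Disable all macros with notification (Word default)'
    3 = 'Disable all except digitally signed macros'
    4 = 'Disable all macros without notification (recommended)'
}

$PolicyKey = "HKCU:\Software\Policies\Microsoft\Office\$OfficeVersion\Word\Security"

function Get-WordMacroSetting {
    # Returns the policy value, or $null when no policy is set (Word then uses its default, 2)
    $item = Get-ItemProperty -Path $PolicyKey -Name VBAWarnings -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.VBAWarnings
}

$current = Get-WordMacroSetting
if ($null -eq $current) {
    Write-Output "No macro policy set; Word uses its default: $($MacroSettings[2])"
} else {
    Write-Output "Current policy VBAWarnings=$current : $($MacroSettings[$current])"
}

if ($Enforce) {
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    # 4 = disable all macros without notification, so the user is never shown the
    # "Enable Content" prompt the article describes and cannot approve the document's macros
    Set-ItemProperty -Path $PolicyKey -Name VBAWarnings -Value 4 -Type DWord
    Write-Output "Set VBAWarnings=4 : $($MacroSettings[4])"
}
```

Run it without `-Enforce` to see the current setting, and with `-Enforce` to lock macros down; the same VBAWarnings value exists under the Excel and PowerPoint Security keys if you want to apply it there too.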

5. Business Continuity and Disaster Recovery Planning

These viruses are constantly evolving, and new avenues for infection become available as Exploit Kits are updated.  Even if all of your security holes are plugged, you are going to need a system in place to reduce downtime.  As stated above, the vast majority of infections result in at least 2 days of downtime.  You can avoid this by having a strong backup system in place.

There are many methods for backing up your data.  Whichever you choose, you’ll want to make sure that you have an updated backup of your system in a format that you can either virtualize or restore from easily.  The virtualizable solution can bring downtime to less than 30 minutes, and is considered best-in-class.  If that is outside of your budget, then you’ll want to make sure you have an encrypted backup that you can use to reimage your server in just a few hours.

An important consideration is that ransomware does have the ability to encrypt external devices that are attached to the server (i.e., your backup drive), which nullifies your backup.  You’ll want at least a couple of drives that you swap out, so that if you do get infected the worst case is restoring from the backup made 2 days ago.

Offsite backups are also incredibly valuable, as ransomware will not overwrite your cloud backup – even if the cloud backup is triggered after infection, you’ll have previous versions of your data files that you can retrieve.

Moving Forward

If you are not sure if you are secure, or you want a second opinion, you can Contact Us at dmi Networking for a free network evaluation and consultation.  Remember that you have a lot of options for securing your systems, and many of them can be done manually at no cost.

Dan Gospe is the Chief Operating Officer and HIPAA Privacy Officer at dmi Networking, Inc.  He can be reached through the contact form on this site, or in his office at 707-523-5915.
