Organized crime, mostly from outside the U.S., is getting very sophisticated in their extortion attempts. These groups are using many different approaches in the attempt to get business users to open an email and click a link. Once clicked, a virus is installed on the computer and it is locked, rendering the files inaccessible. Or, worse yet, the virus travels to your company server, and encrypts that. Only the hacker can unlock it and a ransom, usually in untraceable Bitcoins, is demanded.
Without a backup of the computer’s data, a business’s activity can be completely halted. At that point, what choice is there?
Some companies simply pay up, but the price can be steep. Prevention is the better course of action. Here are the layers of protection that should be applied:
SMTP Gateway — This first step in filtering email spam directs all incoming emails through an SMTP gateway. Unsolicited bulk emails are then held back and don’t reach the email recipient’s inbox.
Firewall — With up-to-date intrusion prevention installed, a firewall can do an additional SMTP scan to identify threats.
Computer — Antivirus software scans incoming emails and flags suspicious ones. Because the hackers are always changing their methods, this software needs to be updated constantly to reflect the new malware that is created.
User Training — Your staff should receive training to recognize the latest types of scams. It can be a photo or other attachment that was unsolicited, or a link to a website domain that’s can be mistaken for the real one. Regardless, employees need to know how to spot the scams, to report them to your email administrator, and what to do if they accidentally click on one.
Data Backups — Regularly scheduled backups of your computers and servers will protect your data. Should you have a failure on a device, it can then be wiped, the data restored, and business can continue.
Without these precautions, your business is at risk. If you do get hit, we recommend that you not pay the ransom. There is no guarantee that the decryption key will arrive, or that it will decrypt the files, and then your data and your money are gone.
But why take the risk of Cryptolocker or any other ransomware getting access to your data, when the danger to your business can be prevented? Contact us today for a security check on your email system.