Not worrying about Ransomware, might not sound like good Cyber Security Advice!

Not worrying about Ransomware sounds a bit strange coming from a Cyber Security company, doesn’t it? Fair point. Let me explain.

Firstly, what does Ransomware do?

Ransomware, by design, encrypts data of some kind, usually with the intention of extorting money from you. The encryption is aimed at preventing you from accessing the data. But importantly, you can recover from this.

Do you have an offline data back up?

I’m going to make an assumption – you have an offline backup of your data, right?  Good. If not – stop reading and go and get that in place before it’s too late.

Seriously – you can come back and read this afterwards! If you’re in any doubt about how to back your data up offline, contact CyberScale and we can discuss your specific circumstances and requirements.

OK, so now we’ve established that you have a backup in place, you can at least recover your data after a Ransomware incident. Good start.

Next, systems – desktops, laptops and servers predominantly.

Depending on the type of Ransomware, it may “just” encrypt user data (documents, spreadsheets etc.), or it may encrypt system files and/or entire hard drives making your systems unusable.  Either way, you may need to rebuild systems.

Even if only user data is compromised, can you be sure of removing all traces of the Ransomware and preventing re-occurrence without rebuilding your systems?  This can be a royal pain, but’s it’s achievable.

You CAN restore your data, and your systems (as long as you have those backups).  So, is that the reason you don’t need to be worried about Ransomware specifically?

Well – no.  The reason is, quite frankly, you have bigger things to worry about.

So, what should you worry about?

If you’re affected by Ransomware, it’s concrete proof that there’s either;

  • Lack of awareness about cyber security in your organisation (allowing the Ransomware to get in),
  • Vulnerabilities within your systems (allowing the Ransomware to run),
  • Flaws in your processes (allowing the Ransomware to bypass existing protection),

or, a combination of all three.

Therefore, your focus should be on this, rather than Ransomware itself.  Why?  Because those same vulnerabilities and flaws make you equally at risk to different types of threats that could be far more damaging and difficult to recover from than Ransomware.

Think about those possibilities, and you can start to see why Ransomware might be the least of your worries.  So what should you do?

Take Some Action!

Well, start by accepting that you are at risk – if you use IT in any way, it’s just a fact of life (see our other blog post if you’re a small business and think this doesn’t apply to you).  Commit to doing something about it, whether you do that yourself or get some help.

Next, you can’t protect what you don’t know about.  Start with a simple audit of your systems and data, how data is stored and used, and figure out what’s important to your business.  Think about the impact of losing a particular system for a number of days, or customer data being exposed – what would it do to your business.  This will help you work out your “risk appetite”, and in turn all of this will determine what levels of protection are appropriate.  Look at what you have in place now, and where the gaps are.

 

Get in touch with Cyberscale for some professional advice and support.

As for that detail – well, that’s for another blog.  But I hope you’ll get started in the meantime.

About Cyberscale

At CyberScale we provide pragmatic IT security solutions adopting a simple approach; Understand, Plan, Implement and Manage.

We understand security. We also understand that cyber security and data protection can be confusing and hard to keep up with, especially without dedicated staff.  We’ll translate threats and regulations into what’s relevant to your business, and explain everything in a clear, non-technical way.

Every business is different.  That’s why your plan should be focused on your business.  We’ll make sure it is.