Could Your Data be Held for Ransom?
When you hear the word “Ransom,” what comes to mind?
- A Mel Gibson action movie?
- Bette Midler kidnapped in the movie Ruthless People?
- Faxed ransom notes with the letters cut out from magazines?
- A $1 billion “industry”?
- An easy way for hackers to extort money from small businesses (like yours) by holding their data hostage?
As a business owner, you understand (or you should) that network security is important to your business’s success. Complying with HIPAA regulations is compulsory and also simply good business – having patient information hacked isn’t good for retaining your patients.
Now there’s something new to worry about – Ransomware.
Ransomware is malware that encrypts and locks your data. It’s usually “caught” by visiting an infected website or through a phishing email. A ransom is then paid via a digital service such as Bitcoin to regain control of the data. Deleting the malware generally deletes the information. Once your data is held for ransom you basically have two choices – pay the ransom or lose your information.
Ransomware = Easy Money
Ransomware is the latest growing trend for hackers to separate companies from their money. In 2016, 64% of U.S. businesses paid ransom “requests.” The average ransom was $1,077 per attack in 2016, up from $264 in 2015.
Note the relatively small average size of the ransom. These criminals usually aren’t going after large companies with deep pockets – and the best network security money can buy. Why would they, when there are hundreds of thousands of small businesses (such as dental practices) whose security measures are weak – or non-existent? Why try to rob Fort Knox when front doors all over the country aren’t even locked?
The FBI estimates that over $1 billion in ransom was paid in 2016 (though it’s probably more because the crime is under-reported).
And this isn’t a buzzword that happens to “other people somewhere and I heard about it happening to a friend of a friend of a friend.” No. We have direct experience. We’ve gained a customer because they had had their data held for ransom. And we were able to prevent a customer from being held for ransom BECAUSE of our combination of network security and backup services.
Think about this: what would you do if you suddenly couldn’t access your patient records and received a ransom note for $2,000?
Beyond the basics of good network security, there are two quick tips I’d like to share (and that we’ll go into more detail on in the next few weeks):
1. Practice good email hygiene
2. Invest in a backup strategy
One in 131 emails contains malicious links or attachments – don’t click on anything that doesn’t seem right. A good backup strategy will mean your data is backed up at regular intervals. While you may lose a day’s worth of new data or an hour (depending on the frequency of your backups), you’ll always be able to restore your data so you won’t be held up for ransom.
I want to repeat this – this is a real threat to every business. It’s a particular threat to small businesses because many don’t have robust security in place or a sound backup plan.
It can happen to your information.
Don’t let it.
All statistics are from the recently released Symantec report, Internet Security Threat Report. https://www.symantec.com/about/newsroom/press-releases/2017/symantec_0426_01