Small Businesses today are challenged with investing in network security and keeping up with technology with limited resources and budgets. Ransomware is a type of malware that encrypts files on a targeted computer and demands payment in exchange for unlocking them. Here are the top three steps SMBs can take to protect themselves from Ransomware:

- Backup your data regularly and test restores to ensure the backups are working properly,

- Avoid using administrative privileges on their company computers to avoid becoming a ransomware victim, and

- Implement an antivirus program with an automatic update.

1. There is no such thing as 100% cybersecurity protection. It is important to have up-to-date antivirus protection and not allow admin access to the company computer.

2. It is important to ensure that all employees are educated on the dangers of Ransomware and have a plan in place for how they will respond if a computer is infected with ransomware as employees can cause more damage than any malicious software.

3. It is important to have an audit process in place for all employees to ensure they are not downloading malware or ransomware onto their computers.

4. It is important to stay vigilant on the threat of Ransomware and keep working with your IT provider prior to any attacks happening. Ransomware is still a very real threat that could affect your company and compromise data.

• Establish security practices and policies to protect sensitive information

• Educate employees about cyberthreats and hold them accountable

• Require employees to use strong passwords and to change them often

• Employ best practices on payment cards

• Make backup copies of important business data and information

• Create a mobile device action plan

• Protect all pages on your public-facing websites, not just the checkout and sign-up pages

  The survey also found:

  • 65 percent of business owners admit they have been victim of a cyberattack; computer virus attacks are the top type of attack reported at 33 percent, phishing is number two at 29 percent.

  • 86 percent of business owners believe that digital risk will continue to grow.

  • 30 percent of companies with 11-50 employees do not provide any type of formal training on cybersecurity.

  • Despite the simplicity of regularly updating software, seven percent of companies still fail to take that step.

  • Reputational risk is among the top reasons (45 percent) why business owners would consider investing in or purchasing a cybersecurity policy.

  • 35 percent of business owners who have never experienced a cyberattack are unaware of the financial cost to recover, highlighting a dangerous gap in knowledge from the implications.

In the 1930s, France built a trench network called the Maginot Line to rebuff any invasion. The philosophy was simple: if you map out all the places an enemy can attack, and lay down a lot of men and fortifications at those places, you can rebuff any attack. The problem is, you can’t map every possible avenue for attack.

What does this have to do with IT security? Today many business owners install an antivirus program as their Maginot Line and call it a day. However there are many ways to get into a network that circumvent antivirus software.

Hackers are creating viruses faster than antivirus programs can recognise them (about 100,000 new virus types are released daily), and professional cybercriminals will often test their creations against all commercially available platforms before releasing them onto the net.

Even if you had a perfect anti­virus program that could detect and stop every single threat, there are many attacks that circumvent anti­virus programs entirely. For example, if a hacker can get an employee to click on a compromised email or website, or “brute force guess” a weak password, all the antivirus software in the world won’t help you.

There several vulnerabilities a hacker can target: the physical layer, the human layer, the network layer, and the mobile layer. You need a defense plan that will allow you to quickly notice and respond to breaches at each level.

The physical layer refers to the computers and devices that you have in your office. This is the easiest layer to defend, but is exploited surprisingly often.

Here are a few examples:

• Last year 60% of California businesses reported a stolen smartphone and 43% reported losing a tablet with sensitive information.
• The breaches perpetrated by Chelsea Manning and Edward Snowden occurred because they were able to access devices with sensitive information.
• For example, CompTIA (https://www.comptia.org) left 200 USB devices in front of various public spaces across the country to see if people would pick a strange device and insert into their work or personal computers. 17% fell for it.

For the physical layer, you need to:

• Keep all computers and devices under the supervision of an employee or locked away at all times.
• Only let authorized employees use your devices
• Do not plug in any unknown USB devices.
• Destroy obsolete hard drives before throwing them out

Next time in Part II, we will talk about the human and network layers of security.

Net DirXions Mobile Device Management

Every business, small or large, has 3 basic levels of technology support needs.

1. Make sure it works - Every organization, from enterprise to not-for-profit, needs IT staff who are able to offer routine maintenance and support, including the updating of hardware and software, handling maintenance, and putting out daily fires.

2. Make sure it works when needed - Technology supports business activity 24/7. Even when everyone in a small business has gone home, there are periodic non-negotiable staff needs at unpredictable times.

3. Make sure it helps make you more money - This top tier is the most important. This is the support that is helping you to proactively manipulate technology to improve revenue.

Why Net DirXions?

When you have no or only have a part-timer or one full-time IT person in-house, too much of this well-paid resource may be focused on putting out fires, doing routine maintenance, and handling software updates. Result? The IT staff member that best understands your business doesn't have the time to help you devise forward-thinking applied technology to grow your business. This is a waste of resources. Instead, use their expertise to develop your business: use Net DirXions to provide all of the below-ground support.

Here are some areas where Net DirXions can be your best business ally.

1) Specialized areas of support - Net DirXions specializes in specific business sectors and have deep knowledge of the their needs, the specialized software packages and the Federal, state or provincial level regulatory environment. We can help you make sure your technology stays in compliance with regulations, such as those requiring the maintenance of verified security procedures. ( e.g, HIPAA)

2) Help desk support - For all of the various questions, problems, hardware and software crises that can happen anywhere, at any time, a 24/7 help desk means your IT staff isn't distracted by smaller problems, and dragged out of bed by a routine issue at 2am.

3) Security and data protection - With the increasing news about hacking and data theft, it is apparent that everyone will be compromised at some point or another. This is an area where you can benefit from the deep specialized knowledge of an expert. Because it seems new malware and hacking tools are invented on an hourly basis, Net DirXions can provide the support you need to protect your data.

4) Disaster planning and recovery - Smaller firms are the most vulnerable financially to the revenue damage that comes from downtime. However, they have the least resources to focus on this vague and seemingly improbable threat. Net DirXions can provide consulting resources to plan what needs to be done to minimize the effects of a disaster, and put into place procedures to ensure a speedy return to business-as-usual if something does goes wrong. 

5) Software updates - Software updates are a necessity, but can potentially create headaches for every user. Instead of distracting your in-house IT staff with this routine and time-devouring procedure, use the resources of Net DirXions on a scheduled or as-needed basis to handle all of this in the background.

6) Avoid expensive emergency upcharges and exorbitant one-off fees. Net DirXions can offer you a service plan that provides on-going levels of support and includes priority attention in the event of an emergency, so you avoid becoming just another client in the queue. To summarize, the Net DirXions model offers more than IT support. The model provides a different business model for the role of IT as an integral part of your entire long-term development strategy. Technology is more than just a low-level distraction that takes you away from the core issues of your mission as a business. Technology, when managed right, is a key driver of that mission.

This cyberattack scheme hasn't garnered nearly as much attention as the usual “break-in-and-steal-data-to-sell-on-the-Internet” type, but it can be even more debilitating.

Ransomware attacks have begun appearing in the last few years and its practitioners are so polished that in a few cases they even have mini-call centers to handle your payments and questions.

So what is ransomware? The business model is as old as the earliest kidnapping. Ransomware stops you from using your PC, files or programs. The attackers hold your data, software, or entire PC hostage until you pay them a ransom to get it back. Obviously, seeing that you are dealing with criminals, there isn't any guarantee you will ever get your data back just because you meet their demands.

The M.O. is pretty simple. You suddenly have no access to a program or file and then a screen appears announcing your files are encrypted and that you need to pay (usually in bitcoins) to regain access. There may even be a Doomsday-style clock counting down the time you have to pay or lose everything. Microsoft reports that some versions accuse you of having broken a law, and that you are being fined by a Federal agency, police force or other official enforcement office. Some versions use the FBI logo.

Interestingly, one of the more common “market segments” being targeted in the US has been public safety. Police department data is held hostage, and in many cases, they have given up and paid the ransom. They had little choice. They aren't the only ones. Within a week, a hospital in southern California also fell prey, as did one in Texas.

Ransomware can be especially insidious because backups may not offer complete protection against these criminals. Such new schemes illustrate why you need to be aware of the latest criminal activities in the cyber world, and make sure your data protection efforts are up to date.

Here are 5 steps you can take right now to protect yourself from ransomware:

1) Make sure you continue to keep your antivirus software up to date.

2) Train your employees to be aware. People remain the biggest source of security breaches. Employees unwittingly open malicious emails or go to corrupted sites and expose their employers’ networks and infrastructures to malicious software.

3) Backups are probably the most important method to restore your systems if you suffer a ransomware attack. Make sure that your backups are detached when the backup is not occurring. Otherwise, you risk that even backup files will be corrupted.

4) Keep all of your software programs updated. Software developers frequently patch vulnerabilities with new updates. These simple tips discussed work like the locks we put on our front doors. Just as you wouldn’t leave your home unlocked and invite a robbery, you shouldn’t leave your data vulnerable to an attack by miscreants. 

5) Use pop-up blockers. AdwCleaner is one. It not only blocks unwanted pop-ups but also protects against browser hijacks, malware and adware.