It’s one of the hardest things in my line of work: having to tell a business owner they are SOL (crap outta luck) after they’ve been hit by ransomware or some other Cyber-Threat. Even worse when I’ve met with them previously and made recommendations to help them avoid the problem to begin with, however they decided to roll the dice and take their chances. Why bother investing in proper protection when those kinds of disasters only happen to other business owners, right? WRONG.

I met with “Frank” (name changed to protect the innocent) and we had a great discussion about his business, what is important to him, his personal and business goals, along with reviewing the part technology played in making those goals happen. Looking at his existing setup, I pointed out areas for improvement and the risks of not addressing them. Frank admitted he needed to do something, however he'd survived this long without problems and he had other priorities. He decided the status quo was good enough for his business. He “shoulda” taken the risks more seriously.

That’s important to know because he called back later in a panic, looking for a miracle. One of his staff had opened an infected email attachment causing his company to get hit by the latest version of ransomware. All his company files, accounting records, client files and even his backups were encrypted by cyber-criminals and they were demanding payment to regain access to his files. This “coulda” been prevented.

Without the proper solutions in place PRIOR to a ransomware attack, I explained, there was no easy way to quickly clean up the mess, and I shared with him the best practices for recovering from a ransomware attack. He was left with a difficult decision to make: pay the cyber-criminals and hope they were the “honest” type that would actually give him back access to his company data once they were paid off (and not re-encrypt once they learned he was willing to pay), OR authorize expensive remediation of the ransomware infection and incur the associated costs of downtime and lost productivity. We both “woulda” preferred a different outcome.

Don’t Get Caught Looking Back – 5 Tips To Avoid Becoming a “Frank”

Instead of sending a ransom payment to Cyber-Criminals hoping for the best (something we strongly recommend against), you REALLY should be taking steps to not end up in that kind of situation to begin with.

  1. Implement Advanced Endpoint Protection (AEP) – Traditional Anti-Virus software depends on updated virus definition files to provide protection. That means for each new virus SOMEONE has to discover the new threat (normally after an outbreak has started), a fix has to be developed by the Anti-Virus firm, and then the new updated virus definitions are sent out to subscribers. This window between discovery and the fix being sent out can vary from hours to days depending on the severity. The Advanced Endpoint Protection product we recommend is SentinelOne. It doesn’t depend on definitions; it looks at file and system behaviors. For example, a Word document shouldn’t be trying to call out to the internet to several different countries or start to make changes to other files. This would be strange behavior and would be stopped from occurring. The three big advantages SentinelOne brings to the table:
    • Computer forensic capabilities – We are often asked where the infection came from and how it happened. With the forensics reporting in SentinelOne, we can now answer those questions.
    • Behavior based protection – no more depending on a security company learning from other people’s misfortunes before providing you protection (or worse, you being the “test” subject for a new infection).
    • System Roll Back – Did a threat hit the system anyway? No issues. SentinelOne has a feature that allows any file changes to easily be rolled back. This is NOT a backup, however it does save a ton of productivity time when recovering from a problem.
  2. Image Based Offsite Backups – Backing up files and folders is ok, however it doesn’t back up your programs, configurations or preferred settings. Image backups are like taking a snapshot of your whole system at that point in time – programs, settings and all – and that image can be restored, lowering the recovery time frames and the associated downtime and lost productivity. Many of the newer viruses are now targeting backup files, so it’s important to have copies offsite as well. Something to be cautious of: services like Dropbox, OneDrive or other sync services are NOT backup solutions. If the virus hits files in the sync folder on one system, the infected files get synced to ALL computers with access to the shared files.
  3. Keep Computers Patched – This simply means ensuring the latest security and program updates are installed on your systems to help close doors cyber-criminals could potentially use to attack you. You don’t have to burn a bunch of productivity closing these doors into your systems; you can work with a Technology Management firm that can automate and oversee this for you.
  4. Staff Training – Have you trained your employees on what to be looking for when it comes to Cyber-Threats? Whose fault is it really if they click a bad link or open an infected file if they haven’t been shown how to protect themselves and the company? One training session isn’t enough – you wouldn’t expect to be clean forever because you took one shower. So it goes with security training: there needs to be regular, ongoing training so people are reminded to stay vigilant.
  5. Documented Policies and Procedures – What will you do when you get hit by a cyber-attack? The worst time to hold a fire drill is during a fire. Planning in advance will lower stress, panic and minimize the impact of the event. Examples of such policies would be:
    • Incident Response Policy
    • Mobile Device Policy
    • Data Retention Policy
    • Password Policy
    • Disaster Recovery Procedures
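The behavior-based idea in tip 1 (a Word document that calls out to several countries, launches a shell, or starts rewriting other files is doing something strange) can be made concrete as detection logic over endpoint telemetry. The block below is an added example written for this post; it is not SentinelOne's code, rule format or output, and the event records, IP addresses (from the reserved documentation ranges), country codes, process names and thresholds are all constructed for illustration. It also covers the “making changes to other files” case from the same tip, as a mass-file-modification rule.

```python
"""Toy behaviour-based detector over constructed endpoint telemetry.

Three rules that need no virus definitions, only the observed behaviour:
  1. an Office process connecting to several different countries
  2. an Office process spawning a scripting shell
  3. any process rewriting many distinct files in a short window
"""
from collections import defaultdict

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
COUNTRY_THRESHOLD = 3      # distinct destination countries per Office process
MASS_WRITE_THRESHOLD = 5   # distinct files modified by one process ...
MASS_WRITE_WINDOW = 60     # ... within this many seconds

# Constructed sample telemetry (hypothetical schema): t = seconds since start,
# proc = originating process, type = event kind, detail = target, cc = country.
EVENTS = [
    {"t": 0,  "proc": "winword.exe", "type": "file_open",   "detail": "C:\\Users\\frank\\Downloads\\invoice.docm"},
    {"t": 1,  "proc": "winword.exe", "type": "net_connect", "detail": "203.0.113.10", "cc": "RU"},
    {"t": 2,  "proc": "winword.exe", "type": "net_connect", "detail": "198.51.100.7", "cc": "BR"},
    {"t": 3,  "proc": "winword.exe", "type": "net_connect", "detail": "192.0.2.44",   "cc": "NL"},
    {"t": 5,  "proc": "winword.exe", "type": "proc_create", "detail": "powershell.exe"},
    {"t": 10, "proc": "powershell.exe", "type": "file_write", "detail": "D:\\Shares\\clients\\a.xlsx.locked"},
    {"t": 11, "proc": "powershell.exe", "type": "file_write", "detail": "D:\\Shares\\clients\\b.docx.locked"},
    {"t": 12, "proc": "powershell.exe", "type": "file_write", "detail": "D:\\Shares\\clients\\c.pdf.locked"},
    {"t": 13, "proc": "powershell.exe", "type": "file_write", "detail": "D:\\Shares\\accounting\\q1.qbw.locked"},
    {"t": 14, "proc": "powershell.exe", "type": "file_write", "detail": "D:\\Shares\\accounting\\q2.qbw.locked"},
    {"t": 15, "proc": "powershell.exe", "type": "file_write", "detail": "D:\\Backups\\monday.img.locked"},
    # Benign activity that should NOT fire: one connection, a couple of sync writes.
    {"t": 20, "proc": "excel.exe",    "type": "net_connect", "detail": "203.0.113.200", "cc": "US"},
    {"t": 30, "proc": "onedrive.exe", "type": "file_write",  "detail": "C:\\Users\\frank\\OneDrive\\notes.txt"},
    {"t": 31, "proc": "onedrive.exe", "type": "file_write",  "detail": "C:\\Users\\frank\\OneDrive\\todo.txt"},
]


def office_multi_country_egress(events):
    """Rule 1: an Office process talking to COUNTRY_THRESHOLD or more countries."""
    countries = defaultdict(set)
    for e in events:
        if e["type"] == "net_connect" and e["proc"] in OFFICE_APPS:
            countries[e["proc"]].add(e["cc"])
    return [{"rule": "office_multi_country_egress", "proc": p, "evidence": sorted(c)}
            for p, c in countries.items() if len(c) >= COUNTRY_THRESHOLD]


def office_spawns_shell(events):
    """Rule 2: an Office process creating a scripting shell as a child."""
    return [{"rule": "office_spawns_shell", "proc": e["proc"], "evidence": e["detail"]}
            for e in events
            if e["type"] == "proc_create"
            and e["proc"] in OFFICE_APPS
            and e["detail"].lower() in SHELLS]


def mass_file_modification(events):
    """Rule 3: one process rewriting many distinct files inside a sliding window."""
    writes = defaultdict(list)
    for e in events:
        if e["type"] == "file_write":
            writes[e["proc"]].append((e["t"], e["detail"]))
    alerts = []
    for proc, items in writes.items():
        items.sort()  # by timestamp, so items[i:] are all at or after t0
        for i, (t0, _) in enumerate(items):
            window = {path for t, path in items[i:] if t - t0 <= MASS_WRITE_WINDOW}
            if len(window) >= MASS_WRITE_THRESHOLD:
                alerts.append({"rule": "mass_file_modification", "proc": proc, "evidence": len(window)})
                break  # one alert per process is enough
    return alerts


def analyze(events):
    """Run every rule and return the combined list of alerts."""
    return (office_multi_country_egress(events)
            + office_spawns_shell(events)
            + mass_file_modification(events))


if __name__ == "__main__":
    for alert in analyze(EVENTS):
        print(f"{alert['rule']:28} {alert['proc']:16} {alert['evidence']}")
```

Each rule looks only at what the process did, so a brand-new sample that nobody has a signature for still trips the same wires as an old one. The thresholds are deliberately simple; in a real product they would be tuned per environment so that, for example, a finance spreadsheet legitimately reaching one cloud service does not fire.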

I hate having to tell fellow business owners they are SOL because they didn’t take affordable and reasonable precautions BEFORE being hit by ransomware. Don’t be a “Frank”, avoid this Shoulda Coulda Woulda scenario.