By Jacqueline Hinchcliffe
As technology becomes more advanced, so do cyber attacks. Various kinds of ransomware, malware and other computer viruses can be a business owner’s worst nightmare. In fact, 2021 saw a major cyber-attack that affected various software and other operations in the flooring industry. Aside from installing the typical virus protection from software like Webroot, McAfee or Norton, there are plenty of other steps business owners should take in order to ensure their information is safe from hackers.
FCNews tapped two flooring software giants, QFloors and RFMS, for tips and tricks on how to keep your information and data in the right hands—yours.
Chad Ogden, CEO/president, QFloors
Six Ways You Can Protect Yourself from Ransomware
If you own a business, ransomware is your new bogeyman. The past year has brought an unprecedented explosion of victims, with more attacks than ever before. And while we frequently hear news reports about yet another huge corporation attacked, we don’t typically hear about the thousands of small-to-midsize companies who are also being affected. These attacks existed before but they are becoming more frequent, more sophisticated and more widespread. The effects, disruptions and costs to our global economy were so concerning that in 2021 the U.S. government created a new cybersecurity division, CISA.
While there’s no use wringing your hands or losing sleep over it, you need to do all you can to protect yourself and your company from the threat.
First, let’s understand a bit more about ransomware. Ransomware is carried out by organized groups of high-level technology specialists (programmers/hackers). They are well educated and extremely well-funded. (Drug cartels make chump change compared to these bad guys.) In an attack, they penetrate firewalls and take over all computers within an organization and then change the data saved on the computers into a format that only they can read. The data is no longer accessible to the people who own the computers or network. The bad guys leave a note on your desktop informing you that your computer has been hijacked and to contact them for specifics. The “specifics” are that they will gladly return your information/data after you pay them X amount of dollars.
These attacks are very sophisticated and are penetrating even some of the most secure networks around the country. So, no one is completely immune from this risk. Even the best firewalls can be penetrated.
I speak from experience. On May 15, 2021, QFloors had a ransomware event hit our software company. Thankfully, the good news is we had taken precautions ahead of time to help us successfully navigate this attack. But we also learned some important (albeit painful) things by going through this difficult experience. While I don’t particularly enjoy rehashing the past, it’s worth it if even one company is benefited by us sharing some of our takeaways from the experience.
We were extremely fortunate. With our attack, we had all of our cloud customers back up and running within four calendar days. We did not pay the ransom, and no data was lost (which was a big deal). Compare that to 21 days, which is the average number of calendar days a ransomware victim is down, according to several news sources. The average ransom a year ago was $300,000, but experts report those are going up as well. And, of course, large corporations are paying much, much more than this.
Even if you pay the ransom, everything is not instantly back to business as usual. First, you are negotiating with criminals, so you aren’t guaranteed to get your data back even if you do pay. Some ransomware groups are more “reputable” (if you can call it that) than others as far as returning uninfected data. Even if they do release your data back to you, it could take weeks to get operations back to normal and, even more concerning, sometimes they leave back doors in your system for future exploitation.
So, here are a few essential ways you can prevent or navigate this type of event.
- Disconnected backups. The first thing that most ransomware bad guys do is to destroy all backups. So, you need to protect them, and you can do this via disconnected backups. A disconnected backup is one that has been unplugged or severed from the network once the backup has been performed. There are many ways this can be done. The simplest way to do this is to back up to an external hard drive and then unplug the cable. Of course, there are other more sophisticated and automated ways of doing disconnected backups, but they require the help of an IT expert. Disconnected backups will prevent the bad guys from being able to access and, therefore, compromise your backup data.
- Firewall. Ensure your firewall is up to date and in compliance with PCI recommendations. Your IT person will probably need to oversee this.
- Training. The majority of successful ransomware attacks are sparked when an employee clicks on a dangerous link within an email or they visit a website that is not safe. Currently, the only way to help prevent this from happening is training your employees to be extremely cautious about the emails they click on and the websites they browse. You can also set up filters to prevent them from browsing dangerous websites. For larger companies, you can actually set up regular phishing tests to go out to your employees to see how astute they are. When people “fail” the test, they are taught once again the red flags to watch for. There are outside companies that can do this for you or you can conduct the testing on your own.
- Regular, secure backups. If you are storing critical data through a partner (for instance, a hosting company), make sure they are implementing the backup strategies suggested above, and conduct testing to ensure the backups are happening regularly, accurately and completely.
- Contingency planning for any outage. Brainstorm and then implement policies that will allow you to continue to run your company (albeit less efficiently) if your technology goes down for a period of time. Keep in mind that outages occur not only because of ransomware but, much more often, due to events such as power or internet outages, natural disasters, fire or theft. Consider those things you need to do in order to be able to continue to operate in these types of emergency situations. At minimum, you should define workarounds on writing up a customer order, taking a customer payment and continuing your planned installation schedule. Just as a few examples: Keep a stack of pre-printed invoices that could be used in an emergency; make sure you have alternate ways to take a credit card if your internet goes down; keep a backup copy of your installation schedule somewhere if it is electronic.
- Assessment. The U.S. government CISA department has created a self-assessment called the Cyber Security Evaluation Tool. You can access it via their website.
Unfortunately, this threat is not going to go away soon. Just as 9/11 changed airport security, ransomware attacks are requiring all of us to adapt and protect ourselves in new and ever-evolving ways. I encourage everyone to at least consider these ideas and other ways they can minimize risk.
Kaitlin Harris, sales and marketing specialist, RFMS
Since we take the threat of cyber-attacks very seriously, we trust the experts at our partner company, Isogent, to help keep us and our clients’ data safe. There are multiple actions companies can take to prevent cyber-attacks, but to try and keep it simple for our clients, we stand behind Isogent’s Nine Steps, in addition to the basic preventative measures provided in our subscription, which include backups and both CrowdStrike and ThreatLocker on Isogent’s servers (where over 600 of our clients’ databases live).
Isogent’s Nine Steps:
- Security awareness training – Train and test your users to recognize and avoid security risks before they occur.
- Hornet enterprise security – Advanced email filtering, backup of email, SharePoint, OneDrive Microsoft Data.
- ThreatLocker – Add zero trust policy-driven security to your endpoints. Application whitelisting, ringfencing and data storage control protect your business from malicious software.
- Duo multi-factor authentication – Verify and secure access to your workstations and applications with a user-friendly, scalable security platform that keeps your business ahead of ever-changing security threats.
- Anti-virus with AI and enhanced detection and reporting – Protect yourself from crypto attacks and ransomware with artificial intelligence and enhanced detection and reporting for true zero-day protection against malware and viruses.
- Secure WAN, LAN, VPN and update practices – Ensure endpoints, routers, firewalls, WAPs, switches and VPNs are configured correctly and have the latest updates and security patches to protect and connect your users while blocking the threats.
- Workstation endpoint backup – Ensure workstations and work products are backed up and secure in the event of an attack or hardware failure.
- Move applications to the cloud – Increase your security, lower your maintenance costs and increase your productivity by moving your applications and files to the cloud.
- Air gap backup – An additional level of data backup, disconnected from your network and stored offline to recover from outside attacks.
Fortunately, we have never had a client that is hosted by Isogent experience any data loss to date. Whether floor covering retailers use our software and Isogent’s hosting services or not, they need to have a plan and a reputable security software—if not multiple—in place. Too often people do not take this topic seriously until it happens to them, and unfortunately the threat seems to only be increasing in today’s world.