The Real Cost of Ransomware

Ransomware IBIS TechnologyIt only takes seconds for ransomware to block access to an entire network, but the vast majority of businesses remain locked out of crucial files and systems for a week or more, with the impact causing severe financial and reputational damage.

Data gathered from over a thousand businesses which have been victims of ransomware within the last year suggests that 85 percent of those infected by the malicious file encrypting software had their systems forced offline for at least a week, while a third of cases resulted in data being inaccessible for a month or more.

Worryingly, 15 percent of those targeted with ransomware found that their data was completely unrecoverable.

The figures, published in The Grim Reality of Ransomware report by Timico and Datto, paint a grim picture for businesses. Most appear to be grossly underprepared for the potential of falling victim to ransomware, a form of cyberattack which has become extremely lucrative for cybercriminals, who pocketed $1bn from it last year alone.

Despite the rising threat from a criminal activity which is getting easier and easier to carry out, many organisations still don’t have any sort of proper strategy in place to deal with a successful ransomware attack. Indeed, figures in the report suggest that 63 percent of organisations have no official ransomware policy in place at all.

That’s particularly dangerous because the effects of a ransomware attack are almost instant. Sixty-eight percent of businesses surveyed said that their networks went from functional to encrypted and useless in mere minutes, while almost a quarter revealed that the lockdown occurred in just a few seconds, bringing operations screeching to a halt.

Perhaps it’s because businesses fear the financial impacts of not being able to access their data that half of those which fall victim to ransomware eventually gave into the ransom demand of hackers, paying the criminals to restore networks.

Nearly a quarter of respondents admitted their organisation had paid over £5,000 to retrieve their data, while a further quarter paid hackers between £3,000 and £5,000.

Larger organisations were more willing to pay significant ransoms, but they weren’t the only targets. The most common ransom paid amongst small and medium sized businesses was between £500 and £1500, proving that there’s still easy money to be made from targeting organisations of this size.

Ultimately, the report paints a picture of businesses still being massively underprepared for what’s now a significant cyber threat — and that needs to change, say the report’s backers.

“It’s critical that all organisations, no matter what size, acknowledge the increasing and evolving threat of ransomware as attacks become ever more frequent and instil a policy, that is regularly updated, to educate staff on what to do if the business comes under attack,” says Nabeil Samara, chief digital officer at Timico.

“Protection and communication are key to the difference between success or failure and will save the business infinite costs in the long run.”

A willingness to play ransoms to cybercriminals also points to a lack of awareness about schemes which provide free decryption tools, indicating that despite the authorities talking big on ransomware, the message isn’t getting through.

Source: http://www.zdnet.com/article/the-real-cost-of-ransomware-attacks-take-most-victims-offline-for-at-least-a-week/

Best Practice BYOD Programs

What is BYOD and How Can It Bring a Company to its Knees?

BYOD Policy Bring Your Own Device IBIS Technology

Smartphones, tablets and personal laptops are just a few of the BYOD – “Bring Your Own Device” craze in full swing throughout corporate America.  It is common practice for an employee to bring their high tech gadgets to work. Seems pretty harmless, right?

But consider this: Are employees using these devices to access company servers to download proprietary and sometimes confidential documents on these devices? How can your company manage the demand for accessing this information?

It may be the right time to establish a BYOD (Bring Your Own Device) protocol for your company. Having IT policies in place can open up the doors to a nonstop flood of concerns, starting with the hazard of unsecured devices. And yes, the advantages are equally hard to deny. That leaves your IT personnel to handle the fallout from these policies and eliminate the ‘high-risk’ portion of their default high-risk and high-reward state.

The BYOD – Bring Your Own Device Craze Creates Risks

Here are five issues you’ll want to pay attention to moving forward with BYOD (Bring Your Own Device):

1.) Lost Devices. All the security protocols in the world won’t do any good when a person outside of your company gets control of their device. Whether it’s been lost or stolen, a device in the wild can’t be left free to spill whatever data it may contain. Lockdown procedures are extremely important with BYOD (Bring Your Own Device), so make sure you have this security hazard in order.

2.) Personal Use. Draconian control of personal use is possible, if not efficient, when you’re dealing with company property. The idea becomes laughable when dealing with a BYOD (Bring Your Own Device) policy. However, if you try to keep people from using their mobile devices for their own purposes at work, or especially at home, all you’re going to do is waste a lot of effort and gain nothing in return. You need to teach and reward good security behaviors on and off the clock, because you can’t force them.

3.) Acquisition and Maintenance. BYOD (Bring Your Own Device) doesn’t mean leaving employees to find their own way to shoddy products and questionable vendors. It’s in everyone’s best interest if IT offers a list of certified vendors for maintenance and procurement. Easy and reliable for the user will mean less headaches for IT and better performance of the BYOD (Bring Your Own Device) strategy across the board.

4.) Who Owns Data? There’s no true answer to this question, but discussion of this issue must be handled as early as possible. If you don’t take a firm, clear position on the subject of data ownership, problems will arise in short order. Making it easy to segregate data goes a long way in alleviating the complicated problems that arise in this arena.

5.) Hardened Devices. BYOD (Bring Your Own Device) doesn’t mean employees get to take undue risks. Some industries demand a certain level of ruggedness—you don’t want an endless flood of complaints and requests because someone’s tablet froze solid or shattered on concrete floors.

IBIS Technology – Making Cloud IT Services simple and keeping your data safe.

Cloud Hosting: How Safe Are Your Files?

Cloud Hosting Redefining Business: How Safe Are Business Files if You Save Them in the Cloud?

Cloud Hosting IBIS Technology

Without a doubt, the advent of cloud hosting technology has made the dissemination and storage of information – personal or business – far more convenient than ever. Still, this new cloud hosting technology may cause some users to wonder how secure their private and proprietary information really is. While cloud technology is not perfect, it does offer a significant measure of security to its users.

Cloud Hosting Offers Major Security for Users

Here’s how cloud hosting safeguards your business:

Password Protection – While passwords can be hacked, they are a relatively secure first line of defense against hackers. Still, some safeguards must be taken to ensure their full utility. Passwords with a wide variety of elements including capital letters, numbers and special characters are best. These are less likely to be compromised by brute force or “dictionary” attacks. In addition, a system that ensures a regular changing of passwords is also very worthwhile and with advancements in encrypted password devices hacking without human interaction is getting better than even one year ago.

Secure HTTPS Encryption – Hackers will also try to intercept and capture data as it is being transmitted from one source to the next. Programmers have solved this issue by encrypting the data so that it is unreadable by anyone other than the intended party. This security is usually indicated by an “S” appended to the end of “HTTP” at the beginning of the URL. It is imperative that any private or proprietary info that you send be encrypted in this way.

Relative Immunity to Social Engineering – Though often overlooked by the average person, a hacker’s best strategy is often to simply talk – often claiming to be technical support – to the people in a company to obtain privileged information like passwords. Cloud storage companies are aware of the problem and train their people to not release info to anyone they do not know. The vast majority of cloud storage companies provide their own technical support and so avoid this problem altogether.

As you can see, the answer to the original question, “How safe are business files if you save them in the cloud?” is “very safe”, especially compared to most in-house security systems that rely on antiquated firewalls, poor password selection and limited resources. For more information on this topic or if you are already looking for a cloud hosted desktop solution, please contact us online at IBISTechnology.com or call us directly at 954.603.1515.

IBIS Technology – Making Cloud IT Services simple and keeping your data safe.

3 Tips to Prevent Data Loss

Don’t lose sleep over how to prevent data loss. Review these best practices.

Prevent Data Loss IBIS TechnnologyHow to prevent data loss is a common fear for every business owner. As people rely more on their smart devices with a hunger for technology, the ability for individuals to exploit that technology grows worse each day. Not too long ago, we all saw Target, a major department store chain, get attacked by hackers that stole millions of consumer credit card numbers. A few years prior to that, we watched in horror as hundreds of thousands of debit card numbers were compromised at ATMs in New York City.

You may be surprised to learn that many of the data and technology breaches you hear about had nothing to do with high tech skills. Instead, many of these hacks had humble beginnings through something called: social engineering.

Social engineering is the art of manipulating situations and individuals to gain access to sensitive information, often through the use of technology, and small businesses are particularly vulnerable to such attacks. The reason for this is that small businesses often don’t have the systems and resources in place to ward these attacks to prevent data loss.

Here are 3 tips your company can start implementing today to prevent data loss, better protect your valuable business information and decrease common technology risks:

1.) Enact lock down procedures for when a phone is lost or stolen.

Nearly 30-billion-dollars’ worth of cellphones were reported lost in the United States. Perhaps you can blame it on adult attention disorder or just a case of the absent-minded but think about all the APPS downloaded with critical information. From a business standpoint, now consider company files, emails and customer contact information live on this device. The implications of data loss are far reaching. While many companies remember to place ironclad security on mobile devices, they forget to enact lock down procedures for when a phone is lost or stolen.

2.) Get Your Data off the Server in Your Closet

As the general public becomes more and more dependent on technology, the desire to use a work device for personal use can’t be ignored. Accessing personal information through a company issued computer can seem quite harmless.  Now consider a common scenario: you have an employee that is in the market for a new home and takes a few minutes on their lunch break to search for homes in the area. Unbeknown to this employee, she accesses a malicious website disguised to look like a harmless local realtor site and before they can hit exit, her monitor locks up.  How do you prevent compromises like these? Many companies have blocked known harmful site and IP addresses in an effort to minimize these situations. Holding a computer server “hostage” is a new found game with expensive end results for the business owner. Cloud Service Providers like IBIS Technology are changing the way companies do business through education and design of affordable cloud services and technology solutions.

3.) Have a Solid Backup Solution to Prevent Data Loss

It is impossible for any company to promise 100% hack-free solutions.  However, the data stored on any device has the ability to be stored, backup and retrieved in the event of a natural disaster or personal attack by an outside source or even internal manipulation.  Ask yourself: how often is my data backed up and is it stored safely and easy to retrieve?  The advancements of Cloud Managed Services have given new options to safer data storage and accessibility. IBIS Technology has state of the art cloud hosted desktop solutions for most small business budgets.

Your data is the lifeline to your business. Protect it from competitors, disgruntled employees, natural elements and even the data invaders. If you like this article, you may also be interested in Best Practice BYOD Programs: What is BYOD?

IBIS Technology – Making Cloud IT Services simple and keeping your data safe.