On May 7, 2019, the City of Baltimore, Maryland, with a population of over half a million people, fell victim to a cyber security attack. A month later, City employees still did not have access to their email, and City residents still couldn’t pay their water bill, property taxes, and parking ticket fines online, because City employees still couldn’t access information about their residents’ property, bills, or tickets.
Honest residents, who wished to maintain their integrity, were advised to pay their bills using the good-old-fashioned methods of check or money order, either by mail or in person. What an inconvenience! Home sellers and buyers were told that the city can’t access its records of unpaid charges and liens against properties, even though most mortgage lenders require that a property be free of outstanding taxes, assessments, and charges. Fortunately though, the city issued a manual workaround process that included an affidavit from the seller that they promise to pay any outstanding liens that may be discovered when systems are up and running again. Obviously, this is not an ideal situation to be in.
The worst part of this whole sad situation is that with a few simple steps, this entire expensive and time-consuming ordeal could have been prevented.
What is it?
Ransomware. It’s a malicious software that locks your data and ships the key off to the attacker. Then, the attacker demands an online payment and promises to restore access once payment is made. In the case of the City of Baltimore, the attackers demanded 13 bitcoins, which at the time of this writing, is equivalent to a little over $100,000.
Why it works.
Think of it as honor among thieves. They, like you, want to keep their business going and keep customers. So, they, like you, have to deliver on their promises, or people won’t pay for services anymore. As long as they continue to be faithful in giving the decryption key when payment is made, people will continue to pay to have their precious data back. But, you never know if they’ll deliver the product for sure, and if it will work upon arrival.
Protecting your business from it.
The sad truth is that this whole ordeal with Baltimore could have been prevented or, at least, mitigated.
- Make sure you are backing up your data on a regular basis, and that the backups are also tested on a regular basis, in case you ever have to rely on them. If you ever need to use them, you want to know you can be up and running again quickly, and that your data is reliable.
- Have an up-to-date firewall in place and keep it as tight as possible. A firewall is designed to block unauthorized access to your data by using a set of predetermined security rules that determine what’s allowed in and what’s allowed out. Think of it as a fence, or a security system, for your data, and you decide who and what gets to pass through.
- Update your computer systems on a regular basis. Be aware of what systems and software you’re running and know when the issuing company will discontinue running security updates. For example, if you’re running your business on a version older than Windows 10, it’s likely your security and support updates are either no longer supported by Microsoft, or they won’t be soon. Click here for more information.
- Keep inboxes clean so that potential malicious emails can’t reach your employees. And, if one slips by your filter, be sure to instruct your employees on how to stay safe online. Your employees can be either your first line of defense, or they can be the first sad step in the demise of your business. Some training options are available here.
- Have a internet filter in place. Proactively filtering where users can go on the internet can drastically reduce the chances of your business being the next victim.
Why is this important?
Unfortunately, over 40% of small businesses fall victim to a cyber security attack. According to a 2018 Small Business Cyber Risk Report by Hiscox, the average cost for a small business to recover from a cyber security incident was $34,604. And, for companies over 1,000 employees, the average was slightly over $1,000,000. Keep in mind that these costs don’t include the indirect costs of losing customers and damaging your brand. They also don’t include the many stressful lost-productivity hours required to deal with such an attack. Unfortunately, some of these businesses don’t ever financially recover, and ultimately close their doors. That’s terrible odds considering that business owners put a lot of time, energy, and heart into growing their businesses. How confident are you in your cyber security protection and readiness plan? Do you even have one?
The good news is that Cyber Solutions clients who are using the Total I.T. solution are much less vulnerable to infection. Cyber Solutions has multiple layers of security measures in place to prevent these maladies from happening to our clients, but if one does slip by us… we have their back(up).