Nils Solvang – Managing Partner CloudCIO.
Stories about Ransomware are doing the rounds in the media. In short, Ransomware is where you come into the office one morning to a message on your computer screen that someone has taken control of all of your files (typically by encrypting them) and will only release them back to you if you pay a ransom fee.
Rather than caring too much about the technical details of Ransomware, many London SME owners in trades like accountancy, construction and legal who depend on Cloud services like Office365, Dropbox and Google Docs are asking the simple question – should I worry about Ransomware?
The simple answer is – yes you should. There are however, features of using the Cloud that reduces exposure, but you certainly still face a risk.
Firstly, Ransomware mainly spreads by phishing emails. These are malware emails that look genuine and ask you to klick on a link or download an attachment. If you don’t know how to identify and handle a phishing email you should definitely take advice. You WILL receive phishing emails and it is estimated that over 90% of these emails now contain Ransomware. A good Cloud email service will filter known phishing (have a look in your spam/junk folder), but occasionally some carefully crafted, authentic looking emails will still get through.
Secondly, do you keep your software and virus protection updated? If you do, your risk is likely to be lower. If running outdated software, you are likely to have security vulnerabilities that the bad guys will take advantage of and take control of your data.
Over time it is almost impossible to prevent someone in your business clicking on a malicious link or downloading a bad attachment, so keeping all your software up to date is fundamental to good security practice. If you use Cloud services you are far more likely to already be running the latest version of software which is automatically kept up to date by your provider – so in that aspect Cloud users risk is lowered.
Finally, if you have up to date backups of all your critical data stored off-line, you are in a very good position to recover even if you are infected.
Many SMEs moved to the Cloud thinking that there is no need for an elaborate backup plan given that their data is safe and backed up by the Cloud provider. Additionally a local copy in local PC directories serves as backup if against all odds the Cloud provider lets you down.
This thinking does not, however, cater for Ransomware. If your PC is taken over and your files encrypted, the background synchronisation will replace your Cloud files with encrypted versions. Recent versions of Ransomware actually looks for shares and backups so any file that is accessible on-line from the infected PC is at risk of being compromised.
The only safe place for your data is off-line storage where the infected PC cannot get to the data. It is also important to stop your backup process as soon as you realise that you are being infected. This will stop your system connecting to the backup media from an infected PC. Your good backup could be corrupted directly by the malware, or even over-written by your backup process.
It is important to weigh up cost vs. risk. Cloud services helps reduce your risk profile by limiting number of phishing emails and ensuring that your software is up to date. With good awareness of how malware spreads, automatic update of software and virus protection, there is a question as to how much time and money you want to spend on an elaborate backup scheme.
With a low risk profile, the important focus turns to identify your critical data. Make sure you save regular offline backups of the data that is critical for the day to day running of your business.
On the other hand, if you are still running your own IT services from that old Windows server in the Broom Cupboard, you should definitely think carefully about how you can mitigate a significant risk of disruption due to Ransomware.