Every month Readysell recovers another customer that has had a security breach. The main concern is how much the breach will cost them in money, time and, worst of all, lost data.
Another factor often overlooked is the potential for you, the business owner, to receive fines as the result of a cyber security breach. All businesses, no matter what size, are subject to the very stringent privacy laws of Australia. These laws place a significant accountability on businesses to keep customers’ private information secure, or face potentially large fines as well as bad publicity and damage to their reputation.
A breach becomes more costly to resolve the longer it remains undetected. We’ve put together this page to educate our customers about protecting themselves.
What is ransomware?
The number one threat small businesses face today is ransomware. Ransomware is a type of malicious software (malware) that works in the following way:
- Infect a PC by tricking the user into running the malicious software
- Encrypt crucial files (such as documents, emails and your Readysell database) – blocking access to them
- Demand payment from the user in exchange for access to your files
Given the prevalence and impact of such malware, we have put together this guide with five important practices you should use to keep yourself safe.
Am I at risk?
Every cyber-criminal is looking for a soft target. This usually means a small business operator! Too often small business owners are not proactive because they do not believe they have anything worth stealing.
Every small to medium business holds customer credit card information, customer personal details such as bank details and emails. Every piece of information is useful to a cyber-criminal who can make money, for instance, by selling an email address.
The sophistication of the current cyber criminals makes detection and response more difficult. Ransomware is becoming more prominent. This is where after opening an infected file, your computer is locked, and can only be unlocked once a ransom is paid.
What can I do?
1 – Be Prepared
Sometimes no matter how hard you try, things are out of your control. If you get infected, you need a way to get back on your feet quickly. This means ensuring you have recent and complete backups of your data.
Readysell recommends you always have at least three copies of your data (the 3-2-1 rule). This means that you have a redundant backup (in case one backup fails).
- Your original, working copy (e.g. your Documents folder or Readysell production database)
- An on-site backup
  - Having one backup on-site means that in most cases you are able to get up and running quicker
  - We recommend that you have at least one on-site backup that is not readily accessible from your server, ensuring that if you are infected, your backup files cannot also be encrypted
- An off-site backup
  - We recommend using a reputable cloud backup provider (such as Readysell Cloud Backup)
  - Alternatively, you can back up to a portable storage device and take it home with you each day
Also, if you have the option to do so, activate Volume Shadow Copy on your server. This feature maintains previous versions of files in a location that is not accessible by current samples of CryptoLocker. Once the malware has been removed from an infected PC, files mirrored by the Volume Shadow Copy service can be recovered by the user.
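The following PowerShell script is an added example (not a Readysell script) showing how to create a Volume Shadow Copy of a data volume, list the snapshots with their age so a stale or missing set is obvious, and schedule a daily snapshot. It assumes an elevated session on Windows Server 2012 R2 or later; the volume letter `D:\` and the task name are placeholders to change for your own server.

```powershell
# Added example, not Readysell's own script: creates, checks and schedules Volume Shadow Copies.
# Run in an elevated PowerShell session on Windows Server 2012 R2 or later.
# $Volume and $TaskName are assumptions; change them for your own server.

$Volume   = 'D:\'                       # assumed data volume (e.g. where the Readysell database lives)
$TaskName = 'Readysell-DailyShadowCopy' # assumed scheduled task name

function New-ShadowCopy {
    param([string]$VolumePath = $Volume)
    # Win32_ShadowCopy.Create is the same call the "Previous Versions" feature relies on.
    $r = Invoke-CimMethod -ClassName Win32_ShadowCopy -MethodName Create `
            -Arguments @{ Volume = $VolumePath; Context = 'ClientAccessible' }
    if ($r.ReturnValue -ne 0) { throw "Shadow copy creation failed with code $($r.ReturnValue)" }
    return $r.ShadowID
}

function Get-ShadowCopyAge {
    param([string]$VolumePath = $Volume)
    # Snapshots for the volume, newest first. Win32_ShadowCopy.VolumeName is the volume GUID path,
    # which matches Win32_Volume.DeviceID rather than the drive letter.
    $vol = Get-CimInstance Win32_Volume | Where-Object Name -eq $VolumePath
    Get-CimInstance Win32_ShadowCopy |
        Where-Object VolumeName -eq $vol.DeviceID |
        Sort-Object InstallDate -Descending |
        Select-Object ID, InstallDate,
            @{ n = 'AgeHours'; e = { [math]::Round(((Get-Date) - $_.InstallDate).TotalHours, 1) } }
}

function Test-ShadowCopyFresh {
    param([string]$VolumePath = $Volume, [int]$MaxAgeHours = 24)
    # $true when the newest snapshot is younger than the threshold. Worth monitoring: a snapshot
    # set that vanishes or stops growing is a warning sign, and shadow copies complement the
    # offline backups above rather than replacing them.
    $newest = Get-ShadowCopyAge -VolumePath $VolumePath | Select-Object -First 1
    return ($null -ne $newest -and $newest.AgeHours -lt $MaxAgeHours)
}

function Register-DailyShadowCopy {
    # Scheduled task that snapshots the volume every morning as SYSTEM.
    $cmd     = "Invoke-CimMethod -ClassName Win32_ShadowCopy -MethodName Create " +
               "-Arguments @{ Volume = '$Volume'; Context = 'ClientAccessible' }"
    $action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
                   -Argument "-NoProfile -NonInteractive -Command `"$cmd`""
    $trigger = New-ScheduledTaskTrigger -Daily -At 7am
    $princ   = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger -Principal $princ -Force | Out-Null
}

# --- run ---
New-ShadowCopy | Out-Null
Get-ShadowCopyAge | Format-Table -AutoSize
if (-not (Test-ShadowCopyFresh)) { Write-Warning "No shadow copy of $Volume newer than 24 hours" }
Register-DailyShadowCopy
```

By default Windows keeps only a small amount of space for snapshots and discards the oldest when it fills up; if you want more history, raise the limit with `vssadmin Resize ShadowStorage /For=D: /On=D: /MaxSize=10%` (adjusting the drive letters) before relying on the schedule.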
You should also have a broader business continuity plan to deal with the situation if the worst should happen. Some things to consider are:
- Who are you going to contact if you’re affected? Will you be able to get assistance in a timely manner?
- Do you have a spare PC on standby (or do you have a PC earmarked) to take the place of your infected server as an interim replacement?
- How long will it take you to restore all your data from a local backup and from the cloud?
- How will your business continue to operate in the meantime?
2 – Be protected
Firstly, you should regularly update and run your anti-malware software. Software such as Microsoft Security Essentials, Windows Defender and Malwarebytes should be set to always download automatic definition updates, and full scans should be run on a regular basis. This should be performed on both your server and client PCs. Readysell has a PC maintenance guide available that goes into detail about what you should be doing to ensure you are protected.
We also recommend installing a dedicated third-party malware prevention tool such as CryptoPrevent. CryptoPrevent is a free tool that modifies the existing security settings in Windows to block ransomware from running even if it’s already made it onto your system. We recommend running CryptoPrevent in either “Default” or “Maximum Protection” modes. If you choose “Maximum Protection” though, please read and understand the caveats. Also, please note Readysell will not operate correctly if “Program Filtering” is enabled.
To protect yourself against remote exploitation, ensure that all users (especially those with Remote Desktop access) have strong passwords. Before selecting a new password, test it against the Pwned Passwords database to make sure it hasn’t been breached. Disable the SMBv1 protocol and secure your RDP using the useful guide at HowToGeek.
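As an added example (not a Readysell script), the PowerShell below audits and applies the three items in the paragraph above: it checks a candidate password against Pwned Passwords using the service's k-anonymity range API, reports and disables SMBv1, and reports the RDP configuration and enables Network Level Authentication. It assumes an elevated Windows PowerShell 5.1 session on Windows 10 / Server 2016 or later (the SMB cmdlets and `Get-LocalGroupMember` need these); the registry paths are the standard Terminal Server keys.

```powershell
# Added example, not Readysell's own script: remote-exploitation hardening checks and fixes.
# Run elevated in Windows PowerShell 5.1 on Windows 10 / Server 2016 or later.

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12  # older PS defaults to TLS 1.0

function Test-PwnedPassword {
    param([Parameter(Mandatory)][securestring]$Password)
    # k-anonymity lookup: only the first 5 hex characters of the SHA-1 hash leave the machine,
    # so the service never sees the password or its full hash. Returns the breach count (0 = not found).
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
    try     { $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
    finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }
    $bytes  = [Security.Cryptography.SHA1]::Create().ComputeHash([Text.Encoding]::UTF8.GetBytes($plain))
    $hash   = -join ($bytes | ForEach-Object { $_.ToString('X2') })
    $prefix = $hash.Substring(0, 5); $suffix = $hash.Substring(5)
    # Add-Padding asks the service to pad the response so response size does not leak the answer
    $body = Invoke-RestMethod -Uri "https://api.pwnedpasswords.com/range/$prefix" -Headers @{ 'Add-Padding' = 'true' }
    foreach ($line in ($body -split "`r?`n")) {
        $parts = $line -split ':'
        if ($parts[0] -eq $suffix) { return [int]$parts[1] }
    }
    return 0
}

function Get-Smb1Status {
    $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Smb1ServerEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
        Smb1FeatureState  = if ($feat) { $feat.State } else { 'n/a' }
    }
}

function Disable-Smb1 {
    # Only run after confirming no legacy device (old printer, NAS, scanner) still needs SMBv1.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feat -and $feat.State -eq 'Enabled') {
        # Removes the SMBv1 client and server components entirely; takes effect after a restart
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

$TsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpTcp = "$TsKey\WinStations\RDP-Tcp"

function Get-RdpPosture {
    $addr = (Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Get-NetFirewallAddressFilter).RemoteAddress
    [pscustomobject]@{
        RdpEnabled   = ((Get-ItemProperty $TsKey).fDenyTSConnections -eq 0)
        NlaRequired  = ((Get-ItemProperty $RdpTcp).UserAuthentication -eq 1)
        # Everyone listed here (plus local Administrators) can log in over RDP, so keep it short
        RdpUsers     = (Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue).Name -join ', '
        # $true when the RDP firewall rules are restricted to specific addresses rather than 'Any'
        RdpScoped    = ($addr -notcontains 'Any')
    }
}

function Enable-RdpNla {
    # Network Level Authentication: the client must authenticate before a session is built,
    # so unauthenticated connections never reach the full RDP stack. Pair with strong passwords.
    Set-ItemProperty -Path $RdpTcp -Name UserAuthentication -Value 1
}

# --- run ---
$pw   = Read-Host 'Candidate password to check' -AsSecureString
$hits = Test-PwnedPassword -Password $pw
if ($hits -gt 0) { Write-Warning "Password seen $hits times in breaches; choose another" }
else             { 'Password not found in Pwned Passwords' }
Get-Smb1Status
Get-RdpPosture
Disable-Smb1
Enable-RdpNla
```

Run the two `Get-` functions first and keep their output; after `Disable-Smb1` and `Enable-RdpNla` (and a restart if the SMBv1 feature was removed) run them again to confirm the change took effect.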
If you are running Windows 10 version 1709 or later, we recommend turning on “Controlled Folder Access”. This feature allows you to select folders on your system that should have an extra layer of protection. Typically this means folders where you store crucial documents. Once you’ve done this, only applications which you’ve explicitly allowed will be able to edit or delete documents in those folders. That means even if you do get infected, the damage will be more limited.
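The script below is an added example (not Readysell's or Microsoft's own code) that configures Windows Defender Antivirus for two of the recommendations in this section: automatic definition updates with scheduled full scans, and Controlled Folder Access for the folders holding your critical data. It starts Controlled Folder Access in audit mode so you can see which legitimate programs would be blocked before enforcing, and reads the Defender event log to show those audit and block events. It assumes an elevated session on Windows 10 1709+ or Windows Server 2019+; the folder and application paths are placeholders.

```powershell
# Added example, not Readysell's or Microsoft's own code: Defender updates, scans and
# Controlled Folder Access. Run elevated on Windows 10 1709+ / Server 2019+.
# $ProtectedFolders and $AllowedApps are placeholders; replace with your own paths.

$ProtectedFolders = @('D:\Readysell\Data', 'D:\Shares\Company')     # placeholder data folders
$AllowedApps      = @('C:\Program Files\Readysell\Readysell.exe')   # placeholder application path

function Set-DefenderUpdatesAndScans {
    $prefs = @{
        DisableRealtimeMonitoring = $false
        SignatureUpdateInterval   = 4          # hours between definition update checks
        ScanParameters            = 'FullScan'
        ScanScheduleDay           = 'Sunday'
        ScanScheduleTime          = '02:00:00'
    }
    Set-MpPreference @prefs
    Update-MpSignature                         # pull the current definitions now
}

function Enable-ControlledFolderAccess {
    param([switch]$AuditOnly)
    # Audit mode logs event 1124 for every write Defender *would* have blocked without blocking it,
    # so you learn which legitimate programs need allow-listing before switching to 'Enabled'.
    $mode = if ($AuditOnly) { 'AuditMode' } else { 'Enabled' }
    Set-MpPreference -EnableControlledFolderAccess $mode
    foreach ($f in $ProtectedFolders) { Add-MpPreference -ControlledFolderAccessProtectedFolders $f }
    foreach ($a in $AllowedApps)      { Add-MpPreference -ControlledFolderAccessAllowedApplications $a }
}

function Get-DefenderPosture {
    $s = Get-MpComputerStatus
    $p = Get-MpPreference
    [pscustomobject]@{
        RealTimeProtection   = $s.RealTimeProtectionEnabled
        SignatureAgeDays     = $s.AntivirusSignatureAge
        FullScanAgeDays      = $s.FullScanAge
        ControlledFolderMode = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }[[int]$p.EnableControlledFolderAccess]
        ProtectedFolders     = ($p.ControlledFolderAccessProtectedFolders -join '; ')
    }
}

function Get-ControlledFolderEvents {
    param([int]$Newest = 20)
    # 1123 = write blocked, 1124 = write audited. Review these after a few days in audit mode;
    # once enforcing, an unexpected 1123 from an unknown program is worth investigating straight away.
    $filter = @{ LogName = 'Microsoft-Windows-Windows Defender/Operational'; Id = 1123, 1124 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $Newest -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# --- run ---
Set-DefenderUpdatesAndScans
Enable-ControlledFolderAccess -AuditOnly
Get-DefenderPosture
Get-ControlledFolderEvents | Format-Table -AutoSize -Wrap
```

Leave it in audit mode for a normal working week, add any program that shows up in the 1124 events and that you recognise to `$AllowedApps`, then re-run `Enable-ControlledFolderAccess` without `-AuditOnly` to enforce.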
3 – Be suspicious
If you’re receiving an email from an unknown source, or someone you don’t usually communicate with by email (especially if it has an attachment), chances are high that you’re being sent malicious software. Even with up to date anti-malware software, it’s possible to be infected. Don’t download or open email attachments you weren’t expecting. If you want more information about how to spot the signs of a dodgy email, please see this article.
If you’re looking for specific software, it’s best to start from a trusted source such as the software vendor’s web site or a reputable software repository (we recommend FileHippo). Don’t download from untrusted sources. If you Google (or Bing) what you’re looking for and end up on Joe Blogs’ software emporium, you could be getting more than you bargained for.
4 – Be disciplined
Your server hosts your most critical business data. Not only is it where your Readysell database lives, but often it is a central repository for your company files and emails. As such, you should try to minimise the chance your server gets infected. Only connect to your server when you have to perform specific server-related tasks. Don’t use it as a workstation, and certainly don’t use it to browse the Internet or check your email. Doing so increases the chances your server gets infected.
You should also ensure you have policies that are enforced around passwords. We suggest using a password manager (such as LastPass) and NEVER store passwords in clear text.
5 – Be educated
There are lots of resources online to learn more; some we suggest include:
- Ransomware and you! | Readysell
- Individuals and small business | CERT Australia
- Ransomware | Microsoft Malware Protection Centre
- Ransomware | Malwarebytes Unpacked
- Alerts | Stay Smart Online
Once you understand the recommendations and have put them into practice yourself, spread the knowledge to your team to ensure everyone’s files are safe.