13 Jan
The hacking threat to your utility organization and what you should do to avoid it!
The recent news about Russian cyber activities has put the spotlight firmly on hacking.
Certainly Malware, like the program that gave hackers access to the DNC emails, is a widespread problem in both government and private organizations – but a far greater problem for Utility organizations is Ransomware.
What is the difference between Malware and Ransomware?
Both Malware and Ransomware are packets of hidden code, usually unknowingly downloaded by a legitimate user on the system, either by frequenting a site that is infected with the code, or by responding to a phony email which provides a link to the code.
The difference is what happens when the code installs itself in the target computer. Malware simply provides a doorway through security for hackers to enter and gain access to the system – you can still go on accessing all your files and continue working. When it is discovered and cleaned from the system, nothing is lost; it’s just that somebody else has a copy.
Ransomware is completely different. It automatically encrypts your data, locking your system, making it completely unusable and effectively shutting down your office. A payment is demanded for the decryption, so your system will be operational again. This payment can be anywhere from a couple of hundred to tens of thousands of dollars and does not guarantee the system will be unlocked.
It is very tempting for an organization that has no backup that predates the ransomware and no other plan to just go ahead and pay the ransom, and many do, making ransomware a lucrative business for the underworld.
How common are Ransomware attacks?
Ransomware attacks are more common than many people imagine. They are generally kept quiet by infected organizations for fear of losing their reputation with customers.
Recent research by leading software provider Malwarebytes found that almost 40% of companies worldwide had been infected with Ransomware in the last year and a staggering third of those companies had lost revenue as the result of the attack.
How can you minimize the risk of being hacked?
So, given that today’s hackers are so sophisticated that they can get into most systems, what can you do to prevent it, or at least minimize the impact of an attack?
Malware and ransomware are not pushed down the internet to your system – they come in as the result of a staff member clicking the link on a phony email or visiting websites that have been infected with it – typically sites displaying pornography.
Preventing a ransomware attack begins with good staff policies, procedures and training – ensuring that none of your employees open the door to a malicious, costly attack. Frequent reminders should be circulated with updated information on any new email traps that are making the rounds.
Procedures like never opening attachments unless you are 100% sure they are legitimate, and always checking the “from” address of emails to ensure they are genuine, help prevent ransomware being inadvertently added to your system.
Your data must be safeguarded too, with good Anti-Malware and Anti-Virus programs. Malwarebytes (https://www.malwarebytes.com/) is one that we personally use and recommend. Malwarebytes reputedly negates the need for additional anti-virus software, but it’s probably a good idea to also keep an updated copy of a good anti-virus program like McAfee (https://home.mcafee.com/?) or AVG (https://www.avg.com).
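The “from” address check described above can also be run automatically on incoming mail. The sketch below is an added example, not something from this article or from any product it mentions; the trusted domain, the sample message and the function names are constructed for illustration. It goes a little beyond the visible “from” line by also comparing the Reply-To header and looking for lookalike domains.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this office really expects mail from (constructed value).
TRUSTED_DOMAINS = {"cityutility.example"}

# Constructed sample message, not taken from a real campaign.
SAMPLE = (
    'From: "billing@cityutility.example" <pay@cityuti1ity.example>\n'
    "Reply-To: refunds@mailbox.example\n"
    "Subject: Overdue invoice\n"
    "\n"
    "Please open the attached statement.\n"
)

def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def check_sender(raw_message, trusted=TRUSTED_DOMAINS):
    """Return a list of reasons the sender headers look suspicious."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    sender_domain = domain_of(addr)
    findings = []

    # 1. The display name shows one address while the real sender is another.
    shown = re.search(r"[\w.+-]+@[\w.-]+", name)
    if shown and shown.group(0).lower() != addr.lower():
        findings.append("display name shows a different address than the sender")

    # 2. Replies would go to a different domain than the one in From.
    if reply_to and domain_of(reply_to) != sender_domain:
        findings.append("Reply-To domain differs from From domain")

    # 3. The domain is not trusted but is nearly identical to one that is.
    if sender_domain and sender_domain not in trusted:
        near = difflib.get_close_matches(sender_domain, sorted(trusted), n=1, cutoff=0.85)
        if near:
            findings.append("sender domain resembles trusted domain " + near[0])
    return findings

if __name__ == "__main__":
    for finding in check_sender(SAMPLE):
        print("-", finding)
```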
Anti-virus and Anti-malware software will alert staff when a website they are visiting is infected. It will also give an early warning of an infection and in many cases ‘quarantine’ and stop the infection before it takes over your system, but it is vital that it is kept up-to-date.
Most importantly, your data must be backed up.
The importance of backups – but not just any backup…
We have seen organizations that religiously back up their data offsite fail to protect against these attacks – simply because they are not backing up for a long enough period. If you can’t go back several days or a week before the system got infected, your backup too will be rendered useless.
That is why when we install Diversified suite on a client’s system, we provide free, off-site backups that go back a month. All the organization must do is to simply hit the “backup” button every day before going home.
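To see why the length of the backup history matters, here is a small added example (not code from the Diversified suite or from this article) that works out which daily backup is still usable after an infection. The dates are constructed, and the assumptions are one backup each evening, an infection found several days after it started, and a one-day safety margin before the estimated infection date.

```python
from datetime import date, timedelta

def retained_snapshots(discovered, retention_days):
    """Daily backups still on hand when the infection is found.
    Assumption: one backup each evening, the newest from the evening before."""
    newest = discovered - timedelta(days=1)
    return [newest - timedelta(days=i) for i in range(retention_days)]

def latest_clean_snapshot(snapshots, infected_on, margin_days=1):
    """Newest backup taken at least margin_days before the estimated infection."""
    cutoff = infected_on - timedelta(days=margin_days)
    clean = [s for s in snapshots if s <= cutoff]
    return max(clean) if clean else None

def assess(infected_on, discovered, retention_days, margin_days=1):
    """Restore point and days of transactions to re-enter, or None if no clean backup."""
    snapshots = retained_snapshots(discovered, retention_days)
    restore = latest_clean_snapshot(snapshots, infected_on, margin_days)
    return {
        "retention_days": retention_days,
        "restore_point": restore,
        "days_to_reenter": (discovered - restore).days if restore else None,
    }

def minimum_retention(infected_on, discovered, margin_days=1):
    """Smallest number of daily backups that still includes a clean one."""
    newest = discovered - timedelta(days=1)
    cutoff = infected_on - timedelta(days=margin_days)
    return (newest - cutoff).days + 1

if __name__ == "__main__":
    # Constructed scenario: infected on 3 Jan, noticed on 9 Jan.
    infected, found = date(2017, 1, 3), date(2017, 1, 9)
    for days in (3, 30):
        print(assess(infected, found, days))
    print("minimum retention:", minimum_retention(infected, found), "days")
```

With only three days of history every remaining backup was taken after the infection, while a month of history still holds the 2 January copy.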
We encourage clients to verify their backups at least twice a year, to ensure the data can be properly restored, and we assist them with this process, loading it onto a cloud server, so clients can run reports and verify the data is accurate. That way, you have peace of mind that you can recover in the event of a real hacking or ransomware attack.
A number of our clients have suffered a ransomware attack, but in every case where they used our backup, we were able to track back to a version before the infection and restore their system to a working version within hours. At worst, these organizations lost a couple of days’ worth of transactions and had to input these manually.
In a case where the organization’s whole network was disabled, we were able to restore their backup on our cloud and give them access so they could immediately start working while their computers were wiped clean and restored.
Without this kind of backup, an organization can be down for weeks, having to rebuild their whole system manually from customer records they have in their filing cabinet. It is a frustrating, costly process that does immense damage to the organization’s reputation and customer satisfaction.