The First Line of Defense: Education - So What is Ransomware?
The term 'ransomware' is a literal combination of malware and ransom.
Malware - is an umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software.
Ransom - is the practice of holding a prisoner or item to extort money or property to secure their release, or it may refer to the sum of money involved. In an early German law, a similar concept was called weregild.
While ransomware is a form of malware, it’s definitely unique in what it does. Sprinkle in some ‘ransom’ and you’ve got a malicious virus that keeps your data encrypted until ransom is paid (usually in bitcoins).
So why should your SMB care?
According to a report done by security software company Kaspersky labs, There have been more than 700,000 ransomware attempts between 2015-2016. Just in 2016 alone, more than $200 million had been paid out by victims that were left with the choice of pay the ransom or close the business.
In 2017, the entire world fell victim to a ransomware attack infamously known as WannaCry. Early morning on Friday May 12 2017, 'WannaCry' was first discovered and in just four days, by the following Monday morning more than 200,00 organisations, including government agencies, across 150 countries had been affected.
How does it spread?
Spam is the most common method for distributing ransomware. Victims are tricked into downloading an email attachment or clicking a link. Fake emails might appear to be from a friend, colleague or a trusted institution asking a user to check out an attached file or perform a routine task. As soon as action is taken the malware immediately installs itself. Keeping staff updated and informed through regular formal training on what ransomware is, is critical.
The Second Line of Defense: Security
Cybersecurity technology starts with antivirus software. Antivirus is designed to detect, block, and remove viruses and malware. Modern antivirus software can protect against ransomware, keyloggers, backdoors, rootkits, 10 trojan horses, worms, adware, and spyware. Some products are designed to detect other threats, such as malicious URLs, phishing attacks, social engineering techniques, identity theft, and distributed denial-of-service (DDoS) attacks.
A network firewall is also essential. Firewalls are designed to monitor incoming and outgoing network traffic based on a set of configurable rules—separating your secure internal network from the Internet, which is not considered secure. Firewalls are typically deployed as an appliance on your network and in many cases offer additional functionality, such as virtual private network (VPN) for remote workers.
Patch management is an important consideration as well. Hackers design their attacks around vulnerabilities in popular software products such as Microsoft Office or Adobe Flash Player. As vulnerabilities are exploited, software vendors issue updates to address them. As such, using outdated versions of software products can expose your business to security risks. There are a variety of solutions available that can automate patch management.
Recent studies have reported that weak passwords are at the heart of the rise in cyber theft, causing 76% of data breaches. To mitigate this risk, businesses should adopt password management solutions for all employees. Many people have a document that contains all of their password information in one easily accessible file—this is unsafe and unnecessary. There are many password management apps available today. These tools allow users keep track of all your passwords, and if any of your accounts are compromised you can change all of your passwords quickly. Encryption is also an important consideration. Encrypting hard drives ensures that data will be completely inaccessible, for example if a laptop is stolen. 11 These measures protect against a wide array of cyber attacks. However, because threats like ransomware are always evolving, security solutions are just one part of an effective defense strategy. You also need solutions in place that enable you to return to operations quickly if you do suffer a cyber attack. Data protection technologies are an essential second layer of defense against cyber crime.
Ransomware is always evolving, so the second line of defense, 'Security' is necessary, however a final layer is critical as even the best security software can be breach. As such, a final layer of defense is critical in protecting your business from when ransomware strikes. Backup.
The Third and Final Line of Defense: Backup
Modern total data protection suites take snapshot backups as frequently as every five minutes to create a series of recovery points. If your business suffers and attack, this allows you to roll-back your data to any point before the attack occurred. Some data protection products allow users to work from image back ups on virtual machines. This is referred to as instant recovery and is pivotal when recovering from a ransomware attack as it allows for continued business operations while your systems are being restored with little to no downtime.
Office 365 - A Primitive backup
When changing the way you do anything, it’s natural to ask “Why do I need this if my current solution is working?”. When it comes to your business’ data, the answer is simple. While O365 does have restoration capabilities, in the face of the growing ransomware threat, it is primitive and a waiting game for two major issues to arise when using their tools: lost data and lost time. How much lost data and time can you afford?
An astonishing 1 in 3 small businesses report losing data stored in cloud based apps. If your network was infected with ransomware right now, how long could your business continue standard operations without access to any data? How much data could you afford to lose permanently?
The truth is, even data in cloud-based applications is vulnerable to:
End-user deletion, whether accidental or malicious
Malware damage or ransomware attacks
Operational errors such as accidental data overwrites
Lost data due to canceled user licenses
Misconfigured application workflows
O365 was designed so you don’t need to worry about the core infrastructure and its patches or backups. Microsoft ensures that they are not the cause for any data loss, but have also limited the end user backup and restore capabilities. If an employee simply deletes files, you can’t restore them and would need to contact support and wait. Having the ability to recover from simple deletions and major outages is more important than ever before. Expecting end users to be the source of the backup and restoration is risky. The recommended approach is to have a solution that allows for individual item, file and container level backup and restores. This alleviates the risk of critical business files and data.
Why SaaS Protection for Office 365?
Point in Time Backups: Backups include daily snapshots of each users data. Avoid data loss from ransomware by restoring entire accounts to a time before an attack occurred.
3X/day backup: Daily backups for O365’s Exchange Online, OneDrive, OneNote, SharePoint Online.
On-demand backup: Perform additional backups as needed at any time.
Backup notifications: Get notifications at a glance.
Infinite Retention: Store an unlimited amount of data in Datto’s private cloud.
What SaaS Protection Recovers
OneDrive: All files (including OneNote) and folders with structure in tact.
Contacts: All contact information
Calendar: Events (including recurrence, attendees, notes), attachments and any calendars owned by your users.
Mail: All emails, attachments, notes and folder structure.
SharePoint: Primary, custom, group, and team site collections
Custom generic site lists
Document libraries and sets
Site assets, templates, and pages
Fast & Effortless Restoration
• Quick & Painless Restore and Export: SaaS Protection’s architecture means data export & restore speeds make us the fastest backup and recovery solution.
• Non-destructive Restore: Restore data without overwriting existing files.
• Item level restore: Retrieve data in the original format with file & label structure maintained.
• Retain user data: Save money and effort by automatically holding inactive users’ data after their O365 license is deleted.
• No overwrites: Prevent data overwrites & differentiate restored data from current data
• Advanced search: Easily find data and restore individual items or entire folders.