Ransomware Makes its Dramatic Debut
I was watching Sunday Night Football and my wife asked me to come into the kitchen. She was watching the “The Good Wife” (10/19/14) and the plot centered on the law firm being attacked by ransomware from a foreign country. Even though the episode took some liberties and dramatic license with how they dealt with the attack, the underlying premise is one we see all too often.
Many large and small businesses mistakenly believe their operations are adequately protected from ransomware (i.e. Crypto Locker, Crypto Wall) through the standard protection tools including firewalls, web content filtering, spam filtering, antivirus, systematic patching and backup. While these tools may exist in the IT infrastructure, without the proper monitoring and management, critical business data may be left vulnerable to security risks that could potentially devastate a company.
Managing and monitoring these tools is critical to protecting data from ransomware. Managing the tool includes training and development of a systematic process to insure the tools are implemented properly. Monitoring the tools includes reviewing daily reports and metrics to insure the tool is running properly with appropriate remediation steps when issues arise.
Consequences of Improperly Managing and Monitoring Tools
Patching and antivirus signatures are months behind. Spam and web content filter tools are not fully deployed. Backups have not run for an extended period of time, or are missing critical data. This happens for a number of reasons:
- Lack of proper training on the tool features
- Use of freeware with limited functionality because the tool is undervalued or there is not enough value is placed on security and backup/business continuity
- Interest in more challenging projects
- No management emphasis on attention to detail
- Ignorance and lack of understanding of the true nature and extent of the threats to data security
Most important is the establishment of a culture of managing and monitoring the tools and processes. It is not a static process (set it and forget it). It requires daily review. The old adage, “People do what you inspect, not expect” holds true in this case.
Who is inspecting your processes to minimize the risk of ransomware impacting your business? To learn more about how managed IT can help optimize your Dallas area business' IT, give us a call, set up a free IT Consultation, or check out our website--we'd love to hear from you.