Thoughts on WannaCry Ransomware

Learn how to better protect your computer and files.

You have probably heard and read a lot about WannaCry ransomware, which used NSA exploits to compromise out-of-date Windows computers on large networks. For those affected it was devastating, and we feel for their pain. But for the vast majority of businesses, particularly the startups, Venture Capital firms, and growing businesses that Hybridge serves in San Francisco and Silicon Valley, WannaCry was not a real threat.

It did, however, prompt many interesting discussions about the brutal and unforgiving environment we all find ourselves in today.

Hybridge advises and protects our clients from ransomware and similar attacks in two ways:

1. Avoid. Every business that has a Facebook or Yelp page, a website, or an employee on LinkedIn is going to be attacked, and attacked cleverly and aggressively. The best defense, obviously, is to avoid falling for one of these attacks.

In priority order, this is how to avoid an attack:

  1. Never Click - By far the number one successful attack vector is persuading employees to click on an email. Make sure no employee ever clicks on or believes anything in any email, ever. It is now impossible to separate real emails from spoofed emails. So just never click. No matter what. The vast majority of attacks, including the Russian DNC attack, were via perfectly faked emails. Never change payee information. Never change capital call wire transfer data. Never click on a shared Google Doc. Just don’t click.
  2. Encryption - Make sure all laptops, and any other devices with confidential information on them, are encrypted. A Mac without encryption can have all data read off the SSD within minutes, without a password, once someone has physical possession of it. Don’t let anyone store your data on a personal device that is not secured by Hybridge.
  3. Secure network - Make sure all devices connected to your network are secure. If you have consumer-grade firewalls (Asus, D-Link, Netgear, etc.) on your network, call Hybridge to upgrade them to Cisco Meraki enterprise equipment. The huge Target stores breach came through an air conditioning controller with a default admin password. So be disciplined about what is on your internal network and how it is secured. Please call Hybridge if you’d like us to do a network scan to identify vulnerable equipment on your network.
  4. Up-to-date software - The exploit that WannaCry used had been patched by Microsoft back in March as soon as the NSA realized it had been hacked. No one who applied all outstanding Microsoft Important updates was vulnerable to WannaCry. So always apply the latest updates, as soon as you can, even if it means an inconvenient reboot.

2. Mitigate. Ransomware ransoms must be paid in Bitcoin. For regular people, buying Bitcoin is really painful, and requires submitting a photo of your social security card and driver’s license and agreeing to a credit check. Obviously, this is something you want to avoid. Mitigation is a strategy to protect you if you are unfortunate enough to get hit by CryptoLocker or a similar attack, so you can shrug it off, restore all your data onto new hardware, and continue working. These are the key steps for that:

  1. Backups - A good, recent, reliable, offline and cloud backup is step 1 through 100 to protect against an attack. Most forms of CryptoLocker will encrypt any local drives you have backing up your files, so you can’t count on them. If you are a Hybridge client, we have worked with you to set up an encrypted cloud backup for your essential data, which will protect you. Anything you care about should be in 3 places, ideally with one of them completely offline (e.g. in a safety deposit box). Please call Hybridge if you have any questions or concerns about where your key data is and how it is backed up.
  2. Collaboration products - Box/Dropbox/Drive/Sharesync are all good collaboration products, but all have the same Achilles’ heel: they will sync CryptoLocker-encrypted files to all computers. Make sure you have the business versions of these products so Hybridge can restore your files back to before the Crypto event.

It is a battlefield out there on the Internet now. If you are not absolutely comfortable about your cyber-defenses, please call Hybridge at 888-353-1763 and we will be happy to provide a no-obligation cyber-defense check-up for your business.

