Why every business needs Managed Services
Consider this scenario; your business is running along just fine, your computers and software are working, you have “a guy” in your office that is pretty handy at setting up computers and fixing small issues. Then one day your front desk person opens an email that infects your computer systems, what do you do? (besides panic!)
In this article, I will walk you through what happens when this actually
occurs, what we do to help, and why Managed Services is vital for your business’ future!
Ransomware, generally (87% of the time) comes from someone clicking on a link in an email. Here is what happens when that link is clicked;
- #1 The ransomware will attempt to disable any antivirus software
- #2 The ransomware will endeavor to delete any backups of the computer it is on, including Windows snapshots.
- #3 The ransomware will search out and find all data files on the system, in network-attached drives, and other connected devices.
- #4 The ransomware will download an encryption key from a web location identified by the attacker.
- #5 The ransomware will encrypt all of the files it found during its search for data.
- #6 The ransomware will display a message on the screen informing the user that the files are encrypted and to send payment to decrypt them.
And that’s about it. This is, of course, a simplified explanation, but it gives you the gist of what happens. A simple program really and because it is not truly a virus (It is running routines that we perform every day) the virus software is generally not smart enough to know that it is malicious until after the attack has occurred and the Virus software is re-enabled.
Again, I ask you, what do you do now, besides panic? If you’re like most companies, you have some sort of computer company that supports you, either a break/fix guy, a Managed Services Provider (MSP), or perhaps even an in-house IT person or staff. If they have done their job, you have good backups off-site, and the data can be restored, but what most companies do not know is that process can take up to 2 weeks! Consider this;
- First, the ransomware needs to be removed from all affected systems. This usually involves the formatting of those systems to be safe that there are no hidden trojans that can re-infect the systems
- All systems on the network need to be scanned, even those not affected.
- The data needs to be downloaded from the storage location and because of size may take several days.
- The data is then restored to the PC’s and servers. Then the systems are both brought back online.
During those 2 weeks, how do you function your business? Can your business function? Can you recover from this? Many businesses don’t.
What are you to do then, how do you avoid getting ransomware?
There is no 100% guarantee that any IT company can give you, but there are steps you can take to minimize the possibility. Get a good Managed Services Provider (MSP) or Managed Security Solutions Provider (MSSP) to help you. Even if you have an In-house IT, an MSSP can work with them and support your network by handling the security and monitoring of your systems and network. What they will do is layer your protection. By layering your protection, they are working to make it as difficult as possible for any malware to infect your system. Here is an example of several products that they layer security with;
-
- DNS Filtering – this blocks the sites that the ransomware goes to get the encryption key
- Email filtering – this is not spam filtering, although many do that as well, this is filtering for phishing, ransomware and malware.
- Firewall – your company may already have a firewall. The latest versions of firewalls now come with software that scans the network traffic in and out of your network for viruses and malware.
- Advanced Threat Detection – There are many companies of late that specialize in this. Basically, monitoring your system for file changes that are not normal and halts them before they can do any damage, then reports it to a Security Operations Center (SOC) to be verified and cleaned if necessary.
- Backups – you may already have a backup company, but many ransomwares are now getting smart enough to infect the backups as well. Many of the top-rated backup companies are now using redundant backup and scanning systems to monitor and store data in more than one backup location.
- Education – this is probably the most significant component of this layer of security. Educating your employees on what to look for in their email and on the web to help protect themselves and your business.
- Cyber Insurance – this and backups are the fail-safe, if you do get attacked and you are down for an extended period of time, Cyber Insurance may save your business.
There are more things you can do, but this should be the bare minimum, and I highly urge you to get with an experienced MSP or MSSP professional and get your company covered! Ransomware is expected to increase substantially over the next year and only looks like it will continue that way.
As always if you have any questions, please contact me directly;
By phone: 520-751-0888
By email: greg@acaciait.com
Request information about
getting your Employees
trained below!
Greg Durnan is the Owner/President of AcaciaIT and very active in the business community of Southern Arizona. One of the founding members of the Greater Vail Area Chamber of Commerce and Chairman of the Oro Valley Chamber of Commerce. He is very passionate about the needs of businesses in Arizona. He also strives to educate clients on Computer and Network Security through Lunch and Learns, articles, and webinars.
On the weekends he enjoys spending time with his wife and son at their ranch in Vail and working with horses.