5 Years Studying Ransomware This Is What I’ve Learned

Small Business Canada

‘We’ve learned that the best thing we can do is just make ourselves less of a target. I liken it to security cameras on a home. If a burglar walks down the street and sees 9 houses with security cameras and one without, they’re likely to break into the one that’s unprotected; it’s very similar to computer security’ Anne Genge CEO, Alexio Corporation 

I’ve been in this business a long time and I’ve never seen what I’ve seen in the last five years. We have learned that antivirus is really just one single, little, tiny piece of data protection. The biggest cybersecurity threat to any business is ransomware. We have learned that if a cybercriminal really wants something, they can just come and take it. Today’s biggest cybersecurity threat to any business is ransomware.

What is ransomware? 

Ransomware is a type of malware that uses encryption to deny access to computer systems and/or threatens to publish the victim’s data unless a ransom is paid. 

Major governments continue to get hacked, so we’ve learned that the best thing we can do is just make ourselves less of a target. I liken it to security cameras on a home. If a burglar walks down the street and sees nine houses with security cameras and one without, they’re likely to break into the one that’s unprotected, and it’s very similar to computer security. 

Today, the minute anyone’s email address is involved in a breach, they immediately become part of a big list on the dark web. These lists get accessed, sold, and resold to cybercriminals who will use these massive lists of 5,000 – or even 200,000 – email addresses to send phishing emails. 

Hackers hack systems by tricking people 

These phishing emails are designed to trick people into giving hackers access to systems and data. They know that a percentage of folks will click on them and that a significant number of those will actually click on either the attachment or the link that they’ve put in there to deposit malware. Then they can install whatever tool they want to spy, steal your data, or drop ransomware onto your computer.

A combination of tools and training is needed, even for the smallest businesses 

Today’s protection needs to include multiple different types of tools working together to secure computers and prevent us, humans, from doing things that put systems at risk. It also requires that we create policies around how and where and what type of technology will be used to access customer data. The final step – and probably the most important in solving this global cybersecurity challenge – is that every person with a computer needs to have a basic understanding of cybersecurity. 

Everyday computers have been weaponized 

It’s really quite alarming if you think about it. Computers across the globe have been weaponized. We wouldn’t give anyone a car without them learning how to drive it. We wouldn’t allow someone to take our money at a store without them knowing how to ring through our groceries. And yet nowadays, every person has a computer. We collect, transmit, and access information about ourselves AND others, and people are doing this while completely oblivious to the rules that keep everyone safe.

Laws apply to all businesses collecting customer information 

Anyone collecting and using customer data needs to have continuous training to understand current threats to their business, their customers, and their jobs. There are data protection laws both federally and provincially that mandate how owners and employees handle personal information. 

No matter which study you look at, they all tell a tale of a massive number of breaches that are successful, due to human error. This human error can be the everyday person using the computer; in some cases, it’s a business owner who has not invested in proper cybersecurity. In other cases, it could be an IT provider who has not configured their setup securely.

Cloud applications can be safer, but not if you share passwords 

Cloud applications present another risk. People share passwords and user accounts in order to save money on licensing, but this creates a massive amount of risk. Your customers give you their information with the trust that you’re going to properly care for it, and yet what we can see is that many businesses are NOT caring for it adequately. There are literally as many breached records as there are people on this planet. 

Think about the implications of our information being publicly available. We’re not just talking about our finances. It could be our bank accounts, it could be our investments, it could be details of our wills. Even worse, it could be things to do with our health records like our mental health, the types of medications we’re taking, whether we’ve had a cancer diagnosis or another type of disease. These things can affect employment, they can affect our relationships, and they can affect our overall well-being. So even if someone does not steal our money, the fact that our records are out there floating around for public consumption creates anxiety and potential for us to not be able to have the type of employment and life that we may want. 

There is lot to do in ensuring we are protecting our customers, our businesses, our employees, and our families. Find your gaps and fix them. If you need help, connect with us – we’re here to help.

My wish for 2021 is that all people will seek out the knowledge they need to ensure that they’re caring for people’s secrets. 

Anne Genge,  CEO, Alexio Corporation

Anne Genge is an award-winning privacy and cybersecurity educator and innovator. She understands the unique challenges of small businesses and has made it her mission to provide understandable data security strategies to everyone working with a customer, client, and patient data. More information is available at getalexio.com/about-us 

Pin it
Related Posts