The December 2013 Sensis Business Index looked at the risks that worried SMEs and how they were planning to maintain business continuity as the bushfire season loomed. SMEs, on average, ranked fire risk as only the third-biggest risk to the continuity of their businesses; data attack’ ranked first. That assessment is well placed.
Sensis also reported that 74 per cent of the businesses that do backup manage it on-site only – a serious concern. And it found that only 49 per cent back up their data daily – which means they’re out of touch in a world of data threats.
A data attack does not need to be ‘someone out to get you’. It can be a random event, such as the recent spate of CryptoLocker viruses that have done the rounds – just code distributed by criminals in random ways to catch anyone they can in their net of deception.
And just as bush-dwellers need to plan for fire, you need to plan for a data attack. So what might such an attack look like?
Recently, one of our clients was struck by an encryption attack on their data. The first we heard was when staff could not access server-based files across the network, What we discovered was a terrified staff member looking at their screen and wondering about their future in the firm.
The staff member had been duped into opening an attachment to an email or clicking a button on a website that activated the code. They had then continued to work, wondering why their PC was running so slowly.
The CryptoLocker virus had quietly altered every ‘doc’, ‘xs’ and ‘pdf file available on accessible shared drives, including the server to which they had access.
Once the damage had been do CryptoLocker put up its ransom no It asked for US$300 in return for providing a key to unlock the data.
The firm’s current reputable an up-to-date antivirus software did not detect this attack and its firewall did not block it.
The staff member had access network drives to approximately 10,00 files, many of them significant to the operations of the business and containing valuable information. Once this attack reached the ransom-note stage, the data was longer available. At this point there only two options:
. pay the US$300 ransom and hope you get a decryption key that safely unlocks your files; or
. delete the encrypted files and find a tool that cleans up any remaining code from the attack.
Option one carries too many s so we applied option two: delete and clean.
This is a client with good systems, hey had high-quality backup, in several times a day. As a result, were able to retrieve data from prior to the attack and restore the original file locations.
The net impact of this attack a couple of hours’ disruption business and the loss of any file notifications that had been made for a period of about half an hour after the most recent data backup (back to the restore point).
The message here is clear: it’s time to ensure that you and your clients have the best possible front-line of defence against the dark operators of the internet with a good firewall, a great antivirus solution, staff training on what to watch out for and, above all else, state-of-the-art cloud-based backup and data recovery systems that ensure you don’t become a victim.
If you are not sure how you’d recover your data in the event of a disruption such as this, it’s time to get some advice and bring your systems up to date. Taking option one and hoping your credit card is only debited the US$300 is not an option.
And if you think US$300 is cheaper than putting a backup system in, think about this: there is no guarantee the encryption key exists,
That may be the dirty joke in it. l, for one, plan never to find out the punchline. Can you say the same thing to your clients?
