Every year, thousands of businesses fall victim to online security breaches, and this number is on the rise. One of the most devastating cyber threats is ransomware, a malicious program that locks users out of their system or their files until they pay a ransom, usually via Bitcoin, to regain access. While the ransoms themselves can be very expensive, often the most costly aspect of the attack is the revenue lost whilst trying to regain access to important data. The most glaring example of this in recent memory is the Baltimore ransomware attack in May, in which, according to reports from NPR, the city experienced a staggering $18 million in lost revenue whilst trying to recover data.
You might be wondering, if I am going to lose so much money trying to recover my data, why don’t I just pay the ransom? It must be less than how much I could potentially lose in the long run, right? Well, that might sound like a good idea, but you have to remember that you are dealing with criminals here. They don’t necessarily pride themselves on their strict moral values, so even if you pay the ransom they may not release your data. In fact, now that they know you’ll pay, they may even try to exploit you for more money. You are entirely at their mercy. This is why most professionals agree that if you are the victim of an attack, you should not pay the ransom. Instead, to avoid ending up in this situation, practices can take several steps to safeguard against an attack in the first place.
One of the simplest, yet most effective, tactics to employ is to make sure that your OS and other software are fully up to date. Ransomware is constantly evolving and adapting, much like a biological virus. Updates give software vendors an opportunity to fix weaknesses found in previous versions and block the malware that was exploiting them, much like a vaccine. Think about how each year, we have to get an updated version of the flu vaccine to protect ourselves from the current strain of the virus. It’s the same concept when it comes to protecting your computer.
Another way that dental professionals can avoid coming face to face with a ransom is by maintaining vigilant and safe internet practices. If you’re interested, then you can refer to our article on the dangers of phishing (https://www.computerhabits.com/blog/), in which we go into this in a little bit more detail. Being careful what you click on, using firewalls, and having strong antivirus software installed on your systems are just a few steps that you can take to protect yourself from phishing scams that may be carrying ransomware. You can also ensure that your system is not configured to automatically run macros when an email attachment is opened. Malicious files may be hiding inside email attachments, but many can only be released when the user agrees to enable macros. Recently, hackers have been sending around an Excel spreadsheet with macro-enabled PowerShell, which then downloads the ransomware onto your device. This only goes to show how creative hackers have gotten when it comes to their phishing scams, which illuminates just how important it is to thoroughly train your employees in cyber safety.
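One way to check the macro setting described above on a Windows workstation, as an added example that is not part of the original article. It assumes Office 2016 or later (registry version key `16.0`) and reads only the current user's policy and Trust Center settings; it changes nothing.

```powershell
# Added example: audit Office macro settings for the current user.
# Assumption: Office 2016/2019/365, which stores settings under version key 16.0.
$apps = 'Excel', 'Word', 'PowerPoint'
$meaning = @{
    1 = 'Enable all macros (unsafe)'
    2 = 'Disable with notification (user can still click Enable)'
    3 = 'Disable except digitally signed macros'
    4 = 'Disable all without notification'
}

$report = foreach ($app in $apps) {
    # The Group Policy location takes precedence over the user's own choice.
    $paths = @(
        "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security",
        "HKCU:\Software\Microsoft\Office\16.0\$app\Security"
    )
    $vba = $null
    $blockInternet = $null
    $source = 'not set (Office default)'

    foreach ($p in $paths) {
        $props = Get-ItemProperty -Path $p -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        if ($null -eq $vba -and $null -ne $props.VBAWarnings) {
            $vba = [int]$props.VBAWarnings
            $source = $p
        }
        if ($null -eq $blockInternet -and
            $null -ne $props.blockcontentexecutionfrominternet) {
            $blockInternet = [int]$props.blockcontentexecutionfrominternet
        }
    }

    [pscustomobject]@{
        App                  = $app
        MacroSetting         = if ($null -ne $vba) { $meaning[$vba] }
                               else { 'Disable with notification (default)' }
        BlocksInternetMacros = ($blockInternet -eq 1)
        Source               = $source
        # Conservative: flag "enable all", and any app where blocking of
        # macros in files from the internet is not explicitly enforced.
        NeedsAttention       = ($vba -eq 1) -or ($blockInternet -ne 1)
    }
}

$report | Format-Table -AutoSize
```

Any row with `NeedsAttention` set to `True` is a machine where a phishing attachment only needs one click on "Enable Content" to run; enforcing the two values through Group Policy removes that choice from the user.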
But what if that isn’t enough? As mentioned earlier, ransomware authors are always tweaking their programs, trying to slip through the cracks of even a well-guarded system. What if, despite all of the steps that you take to protect yourself, ransomware still finds its way onto your computers? Well, this is where your best line of self-defense comes into play: backups and disaster recovery. Backups provide businesses the ultimate insurance policy because they allow essential data to be saved and stored in multiple different places, completely separate from your system. Therefore, if the data on your system is compromised by ransomware, you can always restore it using your most recent, clean backup, rendering the hacker’s threat obsolete. This, paired with an effective data recovery option, can keep your practice running as smoothly as possible throughout the entire disruption. While these options tend to be more expensive, some backup and data recovery options are so effective that you may experience little more than a hiccup in your daily operations during a cyber attack, or any disaster for that matter.
Health care providers are often even more likely to be targeted than the average business, because of the nature of the work that they do. Why? Health care providers have a lot of sensitive data, which also happens to be governed by regulations. This makes them a perfect target, because there is so much at risk when it comes to patient privacy. While all health care providers are required to comply with HIPAA regulations, simply being compliant often isn’t enough to protect against all cyber attacks. Because cyber criminals will be focusing their efforts on them, the HIPAA Journal recommends that healthcare organizations view HIPAA compliance as merely a strong starting point for their cyber security. Being truly secure requires professionals to take extra steps to ensure the safety of their systems, and therefore, the people that they care for.
The digital age affords us benefits that would have been impossible only twenty years ago. We can store all of our information digitally, process payments online, or even work remotely from halfway around the world. However, these benefits come with their own set of online dangers and responsibilities. Threats such as ransomware may be lurking right around the corner, but they don’t have to be scary as long as you are prepared. If you take the proper steps to make sure that you and your practice are secured against these risks, then you are already one step ahead of the criminals that are hoping you stay in the dark.
Thanks for reading! If you want to learn more, or are interested in tech support that is more specialized for your unique practice, then feel free to visit our website.
https://www.computerhabits.com