Ripped from the headlines (Law & Order-style): Hackers Strike Law Firm of Madonna, Lady Gaga and Other Celebrities
So how does a story like this impact YOUR security perspective (for your organization)? If it doesn’t, it should.
I’m here with Troy Holwerda, the President of Proxurve Solutions, an IT provider here in Indianapolis, and I have a really important question for him. Huge front-page news about a showbiz attorney being attacked for ransomware. A very, very sensitive issue. Troy, what are your thoughts?
Well, yeah. These are the types of things, you know, that hit the headlines. The high-profile companies, high profile attorneys, whatever it may be.
But we as individuals and smaller companies and stuff, you know, we have to pay attention to this as well. It’s, it’s typically, you know, easier for a cybercriminal to hit the smaller companies. It’s not as much protection there. So, they will go for the smaller companies as well. You have to make sure that you’re protecting yourself, and you’re thinking about it too.
So, the smaller companies they need to protect themselves. They need to train them and their employees. And they need to prepare for a disaster like this.
So, Troy, what do you mean by protect, train, and prepare?
Well, protection is kind of along the lines of like antivirus, anti-malware protection. But you need to go beyond what the traditional antivirus and malware does nowadays. You need to look more at something for what they term as next-generation protection or next-gen.
Most of the current anti-virus products, they are what is called signature-based, which means they are looking for, like a, fingerprint. When the cybercriminals put something on your computer, they’re leaving a fingerprint. Just like in, you know, the criminal investigation shows, you know, they go out, they dust for those fingerprints. They find it. They can tie it back. And that’s what these signature-based antivirus solutions are doing. But the criminals are becoming much more creative, and they’re basically sanding off their fingerprints. So, they’re getting on there, and the signature-based anti-viruses won’t find it. You need something that relies more on artificial intelligence, and that’s what these next-generation antivirus solutions do.
When it comes to training, we’re really not asking companies to send their employees out for a week-long training and get, you know, a certified ethical hacker certification or whatever. It’s a simple training thing. You know, what to look for in a phishing attack email. You know, hover over a link or look at who it’s coming from to make sure that everything is spelled correctly. Look for poor grammar in the email.
Even do some just simple trainings. Some of these training companies for security….they will have just little two-minute videos that will simulate things. What cybercriminals are trying to do or how they attack, and then you are more prepared. Simple things like don’t use the same password everywhere, because if it’s found in one place, the cybercriminals are going to attack every single account that you have. And if you’re using the same password for your work, all of a sudden, now you just opened it up for them to be able to get into your work.
When it comes to disaster, just like with this high profile attorney that we were talking about, whether they encrypted the data and were going to hold it for ransom or whatever, if you don’t have a backup solution of some sort to be able to get that back, you’re going to have to pay that ransom. And we’re not just talking about on-premise devices, or your laptop, or desktop, or whatever. We’re even talking about when you put things in the cloud. There are a lot of clients and people that I’ve talked to that they thought that because they’re using a 365 solution, everything is protected, and it is to a point. I’m sure they have redundancy built in. They do have some where you can go back to a certain point in time and get some data back. But their SLA specifically states, “We will do our best to protect your data,” but they highly recommend that you get a third-party software to perform a secondary backup of your data in case something happens with their stuff.
So, you definitely need to have all three of those. You need to have protection. You need to train. And you need to prepare. If your organization would like to know more about improving your cybersecurity, please contact us.