Another day and another scam!
Cybercrime is estimated to affect around 700,000 Australian businesses, with 60% targeting SMEs, and to have cost around $1.6 million in the past six months. One of the biggest culprits is 'ransomware'.
You might know the type – the Post Office, you owe the ATO, the bank has lost your details, ASIC has received a complaint about your business, etc. There is a new one: "The Federal Circuit Court sends you a subpoena". All these scams typically ask users to click through to a website or to open an attachment. The ransomware also looks for other devices to attack, such as attached USB drives, network drives and even cloud drives accessible from that computer.
What happens once you do click through is that the files on your computer and network are encrypted and you can't access them. You must pay a ransom to get a key to release the files (if you're lucky).
How do you protect your business or yourself (individuals get these too)?
1. Don't click too fast
Read the notice, be suspicious, and look for language and requests that don't sound quite right. Ask yourself 'why would the …….. want my information?' Don't click on the URL in the email; go to the organisation's normal website (bank, etc.) and check with them. Tell your team to be careful too.
2. Keep security up to date
Ensure that security applications are kept up to date, preferably automatically. Use an anti-virus application that has a good reputation and protects against attacks delivered by email.
3. Back up!
This may be your best defence. Have a back-up of all systems, preferably remote from your computer. However, a basic back-up service may not protect you if it simply uploads the encrypted files and overwrites your existing backups. Use backups that keep previous versions of your files, so that if an encrypted file is backed up you can go back a bit further to an unaffected version. Restoring can take a little while, but the cost will be less than paying a ransom or losing all your data.
4. Training and Support
Tell your team to be careful and to stick to safety procedures. Have your data backed up professionally (it's not expensive), and use an IT service you can rely on to respond. (If you don't have someone or would like to look into this, call us for a referral.)
5. Take out Insurance
This doesn't prevent an attack, but you can insure for backup and losses caused. If your broker has not offered this, call us for a referral.
Ransomware attacks are becoming more sophisticated and harder to detect. You need to have a strategy for protection and response.