“Never before in the history of humankind have people across the world been subjected to extortion on a massive scale as they are today.” That’s what The Evolution of Ransomware, a study by Mountain View, California-based cybersecurity firm Symantec, reported recently.
If you have any illusions that your company is safe from cyber-attack in 2017, consider just a few findings stated in a recent report by the Herjavec Group, a global information security firm:
● Every second, 12 people online become victims of cybercrime, totalling more than 1 million victims around the world every day.
● Nearly half of all cyber-attacks globally last year were committed against small businesses.
● Ransomware attacks rose by more than 300% in 2016, an astonishing jump.
● The world’s cyber-attack surface will grow an order of magnitude larger between now and 2021.
● The US has declared a national emergency to deal with the cyberthreat.
● There is no effective law enforcement for financial cybercrime today.
Clearly, your company’s information and financial well-being are at greater risk than ever in 2017. And you cannot count on the federal or state government or local police to protect your interests. That’s why I STRONGLY SUGGEST that you implement the following resolutions starting TODAY.
Resolution #1: Tune up your backup and recovery system. The #1 antidote to a ransomware attack is an up-to-date backup copy of all your data and software. Yet managing backups takes more than just storing a daily copy of your data. For one thing, if your business is at all typical, the amount of data you store grows by 35% or more PER YEAR. If your data management budget doesn’t expand likewise, expect trouble.
Resolution #2: Harness the power of the cloud—but watch your back. Huge productivity gains and reduced costs can be achieved by making full use of the cloud. Yet it’s a double-edged sword. Any oversight in security practices can lead to a breach. Here are two things you can do to harness the cloud safely:
- Determine which data matters. Some data sets are more crucial to your business than others. Prioritize what must be protected. Trying to protect everything can take focus and resources away from protecting data such as bank account information, customer data and information that must be handled with compliance and regulatory requirements in mind.
- Select cloud providers carefully. Cloud vendors know that data security is vital to your business and promote that fact. Yet not all cloud vendors are the same. You can’t control what happens to your data once it’s in the cloud, but you can control who’s managing it for you.
Resolution #3: Set and enforce a strict Mobile Device Policy. As BYOD becomes the norm, mobile devices open gaping holes in your network’s defenses. Don’t miss any of these three crucial steps:
- Require that users agree to acceptable-use terms before connecting to your network. Be sure to include terms such as required use of hard-to-crack passwords, conditions under which company data may be “wiped” and auto-locking after periods of inactivity.
- Install a Mobile Device Management System on all connected devices. A good system creates a virtual wall between personal and company data. It lets you impose security measures, and it protects user privacy by limiting company access to work data only.
- Establish a strong protocol for when a connected device is lost or stolen. Make sure features that allow device owners to locate, lock or wipe (destroy) all data on the phone are set up in advance. That way, the user can be instructed to follow your protocol when their phone is lost or stolen.