Posts

Scammers and hackers are constantly coming up with new ways to steal your personal information. These days the mobile phone in your pocket or purse is directly tied to your online identity. Scammers have devised a relatively new way to target that mobile phones – and grab all your personal and banking info –  called SIM swapping.

What is SIM swapping?

SIM cards are the tiny, removable cards found inside your mobile device. These cards are what makes a mobile phone yours. They identify you (as a mobile phone subscriber) and enable you to access your mobile provider’s network. In recent years, criminals have found a way to steal your mobile identity by swapping your SIM card through their own cell phone provider. They convince your carrier to switch your number over to a SIM card they own. This allows them to divert messages, access accounts and complete two-factor authentication. SIM Swapping is a costly problem. In August of 2018, cryptocurrency entrepreneur and investor Michael Terpin Sued AT&T for $200 million in punitive damages for permitting a $23.8 million theft in “SIM Swap” scam.

How SIM swap scams work

  1. Target you – SIM scammers need to obtain some key personal information like your name and phone number to make the scam work. Phishing emails are one way they get you to share your info. They can also find your info online, or via social media sites.
  2. Impersonate you – Once they have gathered enough personal information the SIM scammer calls your cell phone provider or uses the online chat to request a new SIM card in your name.
  3. Become you – Now that the scammer has a new SIM card connected to your phone number they can access all of the services/apps connected to your device – bank accounts, emails, pictures, calls, text messages, and much more.

The worst part of SIM swap scams is victims often don’t even realize they’ve been defrauded.

How to tell if you have been a victim of a SIM swap

MyCrypto and CipherBlade put together a great list outlining a number of ways to tell if you have been SIM swapped. Here are some of the highlights:

  • You receive a call from your phone carriers support when the attacker disconnects in order to try again. Don’t ignore this – they were just talking to someone pretending to be you!
  • Suddenly you have no cell reception and restarting your phone doesn’t fix it.
  • Before you lose your cell service or while on Wi-Fi you receive password reset emails from various services.
  • System notifications appear about account access and requiring you to re-enter your password.

How to protect yourself

While it might be impossible to completely protect yourself from scammers and hackers, you can certainly make it more difficult for them to take advantage of you. Here are some simple steps to start with:

Create a passcode/pin – Used to access your phone for online or phone interactions. Make sure you use a different PIN than other accounts.

Be wary of social media – Social media is a great resource for scammers trying to gain information on you! Make sure you don’t publish your phone number or really any personal information online. Birthdays, pet names, schools, and much more are common identification questions, so don’t make it easy for scammers to find this info.

Create unique passwords and usernames – While it is easier to remember just one username and password, make sure you use different usernames and strong passwords for all sensitive accounts.

Don’t click on suspicious links or email attachments – If a text, email, link, or attachment looks suspicious don’t touch it. Legitimate businesses, like banks, will not send you an email requesting you to disclose personal information.

Update your account details with your mobile provider – Reach out to your mobile provider and ask them to ensure any SIM swapping on your account occurs with you being physically present at one of their retail locations with a government-issued ID.

Regularly backup all of your important data – Implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

It has happened to all of us – a PowerPoint file, graphics file or really any large file that urgently needs to get to people both inside and outside your company. Historically, you were pretty much limited to email, however many organizations and email tools have file size restrictions. If you were sending to someone internal, you would need to post large files on a server and tell them where to find it. Outside of your business you might have to send a DVD, CD, or USB by courier with your large file or files. Today, we have better options, including email clients, browsers, file sharing services and cloud storage. Let’s look at each file sharing solution in detail.

Email clients

Email was and is still is a viable way to send files; however, file size restrictions are the biggest limitation. Additionally, you also need to consider the file size your recipient is able to handle. So while you might be able to send a 50MB file it doesn’t mean the person you are sending it to can receive it. Online email services such as Gmail, iCloud, and Outlook.com have maximum attachment sizes ranging from 20MB for iCloud and Outlook.com to 25MB for Gmail.  If you are over the file size limit you will be directed to their cloud storage services.

There are a variety of email clients used by businesses and similar to the online email services organizations they will set maximum attachment sizes. This helps control bandwidth and storage costs.

Browsers

Your browser isn’t just for surfing the internet! Firefox provides a quick and easy way for you to share large files with their Firefox Send service. This allows you to share files, up to 1 GB in size, without registering and with end-to-end encryption. You can share files up to 2.5 GB by creating and signing into your Firefox account.

Simply drag and drop or select files from your hard drive to upload. You can easily configure the link to expire after a certain number of days or downloads. Protecting the download link with a password is also an option. You can share you Firefox Send link through emails, social media, chats, or really anyway you want.

File sharing services

In recent years a number of file sharing services have become popular.

Dropbox

The popular file syncing and sharing platform, Dropbox, offers a stand alone file transfer tool. Unlike the typical Dropbox file, when using the file transfer tool, the recipient does not need a Dropbox account to access the file. However, the sender does need an account. Those with the free basic plan can transfer files up to 100 MB, while those on paid plans can transfer 2 GB to 100 GB, depending on the plan. The paid plans also offer the ability to add a password and expiry date for link.  Important to note, unlike the regular Dropbox file changes to the document made by the recipient are not synced back.

WeTransfer

WeTransfer provides users with a simple way to send big files around the world. They offer both a free and paid WeTransfer Pro level. Files can be shared with both email and link options. With the free version no login is required and you can send up 2 GB of files that are deleted after 7 days. The Pro level is $12/month but it enables users to send up to 20 GB of files, set expiration dates and add password protection.

Smash

Similar to WeTransfer Smash enables users to easily send large files. With Smash there is no limit on files sizes and while there is no registration required an email address is necessary when you upload files. Smash offers both a free option and paid plans. With the free option files are available for 14 days. Their paid options include Premium at $5/month and Team at $12/month, with additional features like password protection and extended file availability. Files can be shared with both email and link options.

Cloud storage

Many popular cloud storage and cloud backup services have file sharing options built right into the product. As mentioned previously, Dropbox offers a Transfer feature for one-off sharing, but their full platform enables both teams and individuals to store, share and securely access files. For fans of Google there is Google Drive. It allows businesses and individuals to store, share and access files from any device. For individuals the first 15 GB are free. Businesses can leverage a pricing model that prices by active users and offers enterprise grade security and management tools. OneDrive and iCloud also offering sharing options, but not at the same level as Google Drive and Dropbox.

Cloud backup services, like Data Deposit Box also offer a file sharing solution. Data Deposit Box users can quickly and easily share (optional password protected) files and folders or folders they have backed up with anyone via email or link.

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

Malware threats are on the rise! So how are these viruses, worms, and trojans continuing to infiltrate businesses around the world? We break it down in this informative infographic!

Top 7 Weaknesses Malware Exploits

(View infographic as a PDF)

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

These days virtually every device, app or website requires a password. It is estimated that by 2020, the number of passwords used by humans and machines worldwide will grow to 300 billion. With that many passwords flying around, it’s important to consider some common mistakes and password best practices.

9 common mistakes when creating passwords

The 2019 Verizon Data Breach Investigations Report found that 80% of hacking-related breaches involved weak password credentials. In their 2017 report this data point was 81%, so the lack of change shows how much of an issue weak passwords continue to be. Varonis has found that 65% of companies with 500+ users, never prompt users to change their passwords. It is also estimated that 28% of adults in the US use the same password for all of their online accounts.

Troy Hunt identified some of the worst passwords in version 2 of his Pwnd Passwords. Included in the list were 123456, 123456789, qwerty, password, 111111, 12345678, abc123, password1, 1234567, and 12345. The National Cyber Security Centre in the United Kingdom found in a breach analysis that 23.2 million victim accounts worldwide used 123456 as the password.

CNBC outlines 9 of biggest password mistakes:

  1. Changing passwords too often
  2. Making them too complex
  3. Not screening them against lists of compromised passwords
  4. Recycling the same passwords
  5. Being too familiar (using pet names, birthdates, etc.)
  6. “Remembering” password on a device
  7. Using common, easily hacked characters (123456, qwerty, etc.)
  8. Not password protecting mobile devices
  9. Storing a password list on computer

Password Best Practices

Now we know what not to do! Let’s review recommended best practices for setting and storing passwords.

  • Create a strong password – There are lots of opinions about what makes a strong password. In general, a strong password has a combination of upper and lower case letters, numbers, and characters. Opinions on password length range between from 8 to over 20 characters. Ensure you create a strong password for each account/website/device.
  • Stay away from the obvious – Avoid common passwords like noted above and easily identifiable information.
  • Leverage twofactor authentication –  With two-factor authentication just having your password isn’t enough. This precaution requires a PIN that is sent to you via email, SMS or app, to be entered with the password.
  • Test your password – Make sure your password is up to security standards by running it through an online testing tool. Microsoft’s Safety & Security Center offers a password testing tool that helps individuals and organizations create passwords that are less likely to be hacked.
  • Use a password manager – While people are good at remembering a great many things, relying on the human memory to store important passwords is risky. A password manager stores the unique passwords you have created for every website and will even help come up with passwords. It generally installs as a browser plug-in to handle the capture and replay of passwords. Recently, PCMag reviewed popular password managers for 2019, including Dashlane, Keeper Password Manager & Digital Vault, 1Password and LastPass Premium.
  • Change your passwords – It is tempting to keep using the same password, but changing your password periodically is a good idea. The Better Business Bureau suggests changing passwords every 30 days. However, many security professionals believe changing passwords frequently makes things worse as people have too many passwords to remember and use simpler passwords. Definitely change your passwords when there has been a security incident or cyber attack, unauthorized access, or you have logged into an account on a public computer.

Protect you and your information

Take the following steps to protect yourself and your data:

  • Regularly backup all of your important data at both the organizational and individual level. For instance, implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.
  • Ensure versioning is in place for files, sync and backups. This means saving versions of documents to protect against accidental deletion and for audit purposes
  • Ensure you and your employees are regularly trained on cybersecurity, proper data handling and storage, and password protection practices.

Remember, it only takes 1 weak password to compromise your systems, network and data.  Don’t be a victim, proactively protect your systems, network and invaluable data by implementing these 9 tips of what not to do, and 6 tips on what to do.

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

Backing up your data is like insurance. You need to do it so you’re prepared when disaster strikes. From natural disasters to hardware failures to malware, the threats are significant. Seagate reports that 140,000 hard drives fail in the United States each week. Cybersecurity Ventures claims that today, a business falls victim to a ransomware attack every 14 seconds – and this number will increase to every 11 seconds by 2021. CNBC reports natural disasters cost the United States $91 billion in 2018.

Not all backups are equal. Businesses can choose between backing up data to the cloud, or backing up data locally and on-site.

We’re going to shed some light on cloud vs on-site backups, and top considerations when evaluating which option makes sense for your business.

An Overview of Backups

Backup refers to the one way copying of data (folders & files) from one location to another. It’s a snapshot in time, or your data, at that time. Generally, most users and small businesses backup files to external hard drives, servers, or the cloud. Backing up is the most reliable way to protect your data and ensure business continuity when you experience major problems such as hardware failures, viruses, or natural disasters.

Individuals and businesses can either backup their data in the cloud (cloud backup) or locally (on-site).

Cloud Backup 

Cloud based backup services eliminate the need for you to have the necessary infrastructure in your business to backup locally.  This includes local storage hardware like external drives, storage servers (NAS devices), tape, optical storage and related hardware. Data backed up to the cloud is encrypted and transmitted securely over the internet to a data center that houses the hardware on your behalf. Cloud backups come in a few flavors – private, public and hybrid.

Private cloud refers to a network, hardware and storage dedicated to a single organization. It is a costly option for anyone other than a large enterprise.

Public cloud refers to a cloud services provider who supplies the infrastructure and backup service; shared across many individuals and businesses. Public cloud providers provide greater scalability. However, data security is a concern since data is stored outside the organization. Popular public cloud backup services include Data Deposit Box, iDrive, Carbonite, Acronis, AWS Backup, Azure, Google Drive and iCloud.

Hybrid cloud is a mixture of both private and public cloud. Many hybrid cloud scenarios backup the majority of data with a public cloud solution; as it’s more scalable and cost effective. A private cloud may be used for sensitive data that is contractually obligated, or is required by law or regulation, to stay onsite.

On-Site backup overview

On-site backups are typically housed in an office. Data is backed up to devices such as network attached storage, storage servers, and tape. Generally, the backups are stored onsite for a period of time and then archived in secure offsite storage. Often organizations start by backing up to an on-site device, but find the cloud backup services to be a more viable solution because of recovery time, security, and costs.

Research by Clutch predicts 78% of small businesses will back up their data on the cloud by 2020. While the Acronis  2019 World Backup Day Survey found 48.3% of businesses rely exclusively on cloud backups and 26.8% use a combination of cloud and on-premise.

Which Backup Option is Right for You?  Top 3 Considerations for Choosing Cloud vs On-Site Backup

Recovery Time Time is money and the longer it takes to recover your data after a disaster, the higher the financial impact. Recovery time is highly dependent on how you’ve been backing up your data. On-site backups take hours, days, or even weeks to recover, depending on how and where they are stored. With cloud backups recovery time may range from minutes to hours. Only an internet connection is needed to start the recovery process.

Security – Backing up data on-site exposes it to the same risks as your business. Risks include natural disasters, fire, technology failures, and cybersecurity breaches. Cloud backups alleviate some of these issues as data centers are protected by tight security and have redundancy built-in.

Costs – With on-site backups you’re responsible for both the cost and maintenance of the infrastructure required. Costs include software, hardware, personnel, and overhead such as electrical. With a cloud backup solution you’re only responsible for the costs of storage you use. Backup-as-a-Service (BaaS) providers like Data Deposit Box charge a flat rate monthly fee based on the amount of data stored (measured in GB) per month. Additionally, they provide an easy to use calculator to help estimate your monthly storage costs.

When considering which option is right for you, it’s also important to think about the following:

  • Protecting your most valuable asset – data
  • Backup best practices require firms to keep 3 copies of data (one primary, two backups (usually 1 as a primary backup, 1 on mirrored on disaster recovery equipment)
  • Offsite, real time cloud storage of your data is the only true way to protect you against hardware failures, a disaster (flood, fire etc.), and malware

Don’t wait for a disaster or malware to strike. Protect your data!

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

The question isn’t if your business will experience a disaster, it’s when. From hardware failures to natural disasters to cybercrime, the threats to your business are growing in number and severity. Seagate reports that 140,000 hard drives fail in the United States each week. Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack every 14 seconds by 2019, and every 11 seconds by 2021. CNBC reports natural disasters cost the United States $91 billion in 2018. When your time comes, what impact will downtime have on your business?

The impact is huge

Gartner estimates the average cost of downtime to a business is $5,600/minute or ~ $300,000/hour. With this number in mind, it’s not hard to see that cyber threats have the potential to have a devastating impact on a business. Osterman Research found that 22% of businesses with less than 1,000 employees cease business operations after a ransomware attack. And the impacts aren’t just financial. For businesses that do survive, disasters also negatively impact morale, company reputation, productivity, and customer loyalty.

Is your business ready?

With natural disasters, cybercrime, and technology failures in the news everyday, every business must have a disaster recovery plan, right? A survey of SMEs (small and medium-sized enterprises) by Riverbank IT Management research found that 46% of SMEs don’t have a backup and disaster recovery plan. For those that do have a plan, 23% have never tested it. A 2018 Global Data Risk Report by Varonis found 21% of files in an organization are unprotected. So when disaster does strike, and there’s no plan or protection, if you’re lucky enough to survive, the financial and non-financial cost will be enormous.

The good news? Research from Datto shows that 90% of businesses with a disaster recovery plan fully recover.

Building a disaster recovery plan

A disaster recovery plan outlines the policies and procedures an organization needs to follow should a disaster strike. The objective is to protect the company’s most valuable assets (data, systems etc.), reduce downtime, financial impact, and get the business back online as quickly as possible to minimize impact on employees, customers and the brand. Plans can differ depending on the type of disaster, but the objective is ultimately the same.  There is lots of research and commentary on disaster recovery plans. Here are some of the key elements to consider:

Emergency response plan – Outlines the actions to mitigate damage to people, property and an organizations’ ability to function during a disaster.

Business continuity plan –  Logistical recovery plan used to restore normal business operations and processes in a disaster situation.

Contingency plan –  Often referred to as Plan B, a contingency plan addresses how an organization may respond to a future situation.

Business impact analysis – Process that determines and evaluates the potential impact of an interruption to critical business operations as a result of a disaster or emergency.

Recovery Point Objective (RPO) – Think about how often systems backup. When a disaster strikes and systems go down data can be restored based on the most recent backup. It is important to determine the frequency of backup that makes sense for an individual business. Would restoring data to the previous hours, days, or weeks data be sufficient to get the business live again?

Recovery Time Objective (RTO) – How long can systems be down before data is recovered and business goes back to usual? The RTO may vary by system. For example, it might be determined that an organizations’ Point of Sales (POS) system needs to be recovered in a matter of hours; while, an email system could be down for a day or two.

Communications plan – During a disaster communication is key. Ensure a plan is in place for communicating to employees, customers, partners and even the general public. In the case of a cyber security breach a communications strategy will help reduce the negative impact on the business.

Testing and training – Run drills to test the effectiveness of disaster recovery plans. Drills provide a great opportunity to tweak plans before a real disaster strikes. Ensure employees are informed about disaster recovery plans and trained on processes regularly.

Backup data – Regularly backup all of your important data at both the organizational and individual level. This ensures minimal disruption during a disaster. For instance, implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

Phishing gets lots of media attention; however, for many it is a bit of a mystery. What is phishing? Are there different types of phishing? How can you prevent a phishing attack? Let’s investigate each of these areas in detail.

What is phishing?

Wikipedia describes phishing as a fraudulent attempt to obtain sensitive information, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication. Attackers will spoof their email address to appear like someone else, set up fake websites, and disguise website URLs. It is becoming harder to figure out who and what you can trust. Avanan’s 2019 Global Phish Report found that 1 in every 99 emails and 1 in 25 branded emails is a phishing attack. Microsoft and Amazon are the most popular brands used in phishing emails. Additionally, 30% of phishing emails slip through security programs, so the threat is significant.

Phishing campaigns have two primary objectives:

  1. Obtain sensitive information – Phishing emails often seek to get you to reveal important information, such as your username or password. This gives the attacker the necessary info to access a system or account. It is very common for messages to appear like they are from your bank, credit card company, or a number of other places you would expect to be reputable.
  2. Distribute malware – The emails that aren’t stealing your credentials are trying to infect your computer with malware hidden in attachments (you can read more about malware in our blog here). Often these .zip files or Microsoft Office documents will appear to be something you are expecting, but in reality it is malicious code. In 2017, it was estimated that 93% of phishing emails contained ransomware attachments.

Types of phishing

There are a few different types of phishing. However, the one thing they all have in common is the fraudulent attempt to obtain sensitive information. Major categories of phishing are:

Spear phishing – Attackers craft a message targeted at a specific individual. Social media sites are often used to identify the target and gather information for the attack.

Whaling – Similar to spear phishing, but the target is a high-value person. The target is generally a person with power, a CEO, senior executive or board member, at a large organization.

Clone phishing – Attackers clone a legitimate previously delivered email and replace the links and/or attachments with malicious code. Clicking the links or opening the attachments enables the attacker to take control of your system and send additional malicious emails masquerading as you.

Phone phishing – Similar to email phishing, the caller claims to be a trustworthy entity like a bank or the government. They try to scare you with a problem that must be cleared up immediately. Their objective is to access account information or have you pay out money.

SMS phishing – These attacks are carried out by SMS text. The text message contains a malicious link that enables the attacker to obtain sensitive information.

Identifying and preventing a phishing attack

The harsh reality is that at some point virtually everyone and every organization will experience a phishing attack. The cost of phishing is significant. In 2018, the FBI’s Internet Crime Complaint Center reported that companies around the globe lost $12.0 billion due to business e-mails being compromised. The cost goes beyond just dollars and cents. Phishing attacks lead to decreased productivity, loss of confidential data, and damage to company reputation. Deloitte reports that 1 in 3 consumers will drop a company like a hot potato after they experience a cyber security breach.

However, there are steps you can take to reduce your chances of becoming a phishing victim.

  • Trust your gut – If something seems too good to be true, then it likely is. Be suspicious, not trusting. Legitimate organizations will never send emails asking you to provide personal information over the web. A quick Google search with the subject or text from a suspicious email will often identify if it is a known phishing scam.
  • Double check URLs – Before you click or enter personal information double check URLs. It is very common for a link in an email to say one thing but the URL is totally different. Mouseover a link first to see if it is legitimate.
  • Look for URL redirects – Make sure you are going to the URL you expect and not a different website with a virtually identical design.
  • Don’t trust urgent/scary emails – Attackers are generally trying to create a sense of urgency or fear. Question emails that are telling you to “Act Now” or “Pay Now”. According to KnowBe4 in Q1 of 2019 35% of phishing emails started with the subject line – “Password check required immediately.”
  • Watch for questionable attachments – Attachments are one of the most common ways to distribute malware. If it looks even remotely suspicious don’t trust it.
  • Don’t share personal info on social media – Avoid sharing personal information such as your birthday, phone number, or address on any publicly accessible social media platforms.
  • Educate, educate, educate – Knowledge is understanding. Regular training on new threats and what to look for are key to preventing a phishing attack.
  • Protect your data – Regularly backup all of your important data at both the organizational and individual level. For instance, implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

You hear news reports almost daily about ransomware taking down organizations around the globe. Cyber Security Ventures estimates a new organization will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021.

What is ransomware?

Ransomware is a type of malware which takes full control of your system and requires a ransom payment to regain access. In some cases, ransomware threatens to publish confidential data unless a ransom is paid. Norton breaks down the different types of ransomware – Cryto malware, Lockers, Scareware, Doxware and Ransomware as a Service (RaaS).

Stages of a ransomware attack

Ransomware attacks can be broken down into four different stages. What starts off as a simple click in an email, or a download from the internet, or a website visit, can very quickly lead to a whole lot of trouble and enormous expense.

Stage 1 – Phishing

One of the most popular ways for cybercriminals to access your system is a phishing email. Statistics indicate 1 in 25 branded emails are phishing emails. Avanan, a cyber security platform, reports the two most popular brands phishers pose as are Microsoft (42%) and Amazon (38%). Additionally, the Avanan research finds phishing attacks fall into a few different categories – credential harvesting (41% of attacks), extortion (8% of attacks), malware (51% of attacks), and spear phishing (0.4%).

Stage 2 – Burglar prowling

Once a link is clicked and the malicious code downloaded, the burglar begins to prowl. Your computer is compromised. Ransomware starts infiltrating your computer in a matter of seconds. In 2017 the WannaCry ransomware spread like wildfire and in a matter of hours encrypted hundreds of thousands of computers in over 150 countries. Ransomware looks for files on your computer, network, and in the cloud to encrypt.

Stage 3 – Locked out

Encryption of files on your local computer can happen in a matter of minutes. Within a few hours, encryption will impact files on your network or in the cloud. Once the malicious software takes hold, it will lock you out of your most important folders, files and data; giving you no access until you pay. Files in Saas based applications like Dropbox and Office 365 are the most likely to be impacted. Kaspersky found 65% of businesses hit by ransomware in 2017 lost access to a significant amount or even all their data. Additionally, they discovered 34% of businesses hit with malware took a week or more to regain access to their data. Coveware’s Ransomware Marketplace Report estimates the average number of days a ransomware incident lasts, to be over a week at 7.3 days, up from 6.2 days in 2018.

Stage 4 – Ransom request

Your files are encrypted and the cybercriminals are demanding you pay a ransom to regain access. Do you pay? Research indicates that 97% percent of United States’ organizations refused to pay the ransom. However, 75% of Canadian, 22% of German, and 58% of UK, companies paid the ransom. Datto reports the average ransom for a SMB is between $500 to $2,000. So while the ransom itself isn’t significant, the downtime from an attack can cripple a small business. Additional research from Datto found the average attack is 10 times more costly to the business than the ransom itself. Attacks cost a business $46,800 on average and the ransom requested averages $4,300 per attack.

Protecting your business from a ransomware attack

There is no single solution that will protect you and your business from a ransomware attack. Antivirus software, email/spam filters, and regular software updates are a few things you can start with. Focus more time and resources on:

Cybersecurity training People are one of the weakest links when it comes to cybersecurity, as a result make sure you EDUCATE!!

Backup and disaster recovery plan – Regularly backup all of your important data at both the organizational and individual level. For instance, implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

Does having antivirus software on your computer protect you and your data from cyberthreats? What else should you be doing? Backups, software updates, firewalls, there are lots of options to consider.

Let’s start with a few basic definitions:

Virus – A small program or piece of computer code that alters the way a computer operates without the knowledge or permission of the user. A computer virus executes and replicates itself.  The worst computer viruses of all time include ILOVEYOU, Melissa, WannaCry, CryptoLocker, Conflicker, Mydoom, and Shamoon.

Antivirus software – Helps protect your computer against malware and cybercriminals. Antivirus software looks at data traveling over the network to your devices and searches for known threats and monitors the behavior of all programs, flagging suspicious behavior. The most popular (based on market share) antivirus software includes Avast, Microsoft, ESET, Symantec, and AVG.

Backup – Backing up your files is one way copying – a snapshot of a version of a file or data, from one location to another (computer drive to hard drive, computer drive to file server or NAS, computer drive to cloud drive), at a specific point in time. It is used to protect a file, in case of loss or corruption. If a user wants access to a backed up file, they will often have to restore that file to their computer, from their backup. The most popular backup products are Data Deposit Box, iDrive, Carbonite, Acronis, AWS Backup, Azure, Google Drive and iCloud.

Firewall – A network security system that monitors and controls incoming and outgoing traffic on your network. The most popular firewall products for business includes Barracuda, Bitdefender, Cato Networks, Kaspersky, and FortiGate.

An Overview of Antivirus

Antivirus software is a key element of any cybersecurity strategy; but, it does have limitations. Traditional antivirus software is becoming less and less effective. 73% of attendees at Black Hat in 2017 felt traditional antivirus software no longer services a purpose. In the past antivirus software could protect against 80-90% of security threats but now it is believed to protect against less than 10% of threats. A 2018 report from McAfee found there were an average of 480 malware attacks a minute. The reality is cybercriminals are savvy and have found other ways to gain entry onto computers and networks, ranging from Adware to phishing to sophisticated malware.

Limitations of traditional antivirus software:

  • It’s reactionary – Antivirus software countermeasures only start when malicious code or a virus is found. As a result, it may be too late, unless you’ve backed up using versioning.
  • Needs regular updates – Hackers are always one step ahead of the Antivirus software companies. Unless you’re updating almost real-time, you could be exposed.
  • Performance issues – Antivirus software runs continuously in the background. As a result, it requires a significant amount of memory and resources.  This can have a significant impact on the speed of your PC and/or network.
  • Human negligence – Even the best antivirus software can’t protect against people who aren’t educated about malware and internet security practices. Often, infections occur through poor computing practices.  Learn more about what NOT to do here.

An Overview of Backups

Backup refers to the one way copying of data (folders & files) from one location to another. Generally, most users and small businesses backup files to external hard drives, servers, or the cloud. Backing up is the most reliable way to protect your data and ensure business continuity when you experience major problems such as hardware failures, viruses, or natural disasters. Various software and services automate the process of backing up at the schedule you determine. Cloud based backup services eliminate the need for you to have the necessary infrastructure in your business.

Not all backups are equal.  To backup properly, your backups must use versioning.  Versioning ensures incremental backups of changed documents – storing different versions as it changes over time.

Data Deposit Box provides cloud backup protection and peace of mind – guaranteed. With Data Deposit Box you can backup and manage everything with one app. You can backup an unlimited number of devices to your account, including Windows and Mac OS servers and computers, iOS and Android mobile phones, Synology and QNAP NAS devices.

Antivirus + Backups = Excellent Protection

A combination of antivirus software and cloud-based, versioned backups will provide you with the confidence that your important data is safe from hardware failures, viruses and natural disasters.

Follow these best practices to protect yourself and your data:

  • Stay up to date – Keep your devices and their software (antivirus, OS, firmware, applications) up to date. Schedule 10 minutes in your calendar each day to check for updates.
  • Use firewalls – Install firewalls on routers and devices.
  • Backup to the cloud, with versioning – Implement a cloud backup solution to ensure your important data and files are safe, and ensure you have versioning turned on.
  • Education – People are one of the weakest links when it comes to cybersecurity, as a result make sure you EDUCATE!!

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

To understand malware and ransomware we need to first define what each is. Let’s start with the basic definitions:

Malware is a broad term describing any malicious code or program, including viruses, worms, and trojans, that provide an attacker with control over your computer, server or network.

Ransomware is a type of malware which takes full control of your system and requires a ransom payment to regain access.

Taking a closer look at Malware

Symantec breaks down the different ways malware infects targeted computers:

  • A worm is a malicious program that replicates itself and spreads from one computer to another without a host file. Worms are frequently found in files, however in this case the entire host file is considered the worm.
  •  A virus is a small program or piece of computer code that alters the way a computer operates without the knowledge or permission of the user. A computer virus executes and replicates itself.
  •  A trojan horse is an imposter, a program or files that appear to be something you need but in reality is malicious. Unlike a virus a trojan does not replicate itself. Rather, you invite it onto your computer, most commonly by opening an email attachment.

Where does ransomware fit in?

As noted above ransomware is a type of malware which takes full control of your system and requires a ransom payment to regain access. In some cases, ransomware threatens to publish confidential data unless a ransom is paid.

Norton breaks down the different types of ransomware:

  • Crypto malware – This type of ransomware encrypts files to extort money. The WannaCry ransomware is likely one of the most recognizable examples of crypto malware. It targeted thousands of computers around the world and spread quickly through corporate networks across the globe.
  • Lockers –  This type of ransomware infects your operating system and completely locks you out of your computer.
  • Scareware – A fake software that represents itself like an antivirus or a cleaning tool. It typically claims to have found issues on your computer and demands money to resolve the issue.
  • Doxware – This type of ransomware is often referred to as leakware and it threatens to publish your stolen information online unless a ransom is paid.
  • RaaS – “Ransomware as a Service” is malware hosted anonymously by a hacker. The distribution, payment collection, and file decryption are all handled by a hacker in exchange for a portion of the ransom.

How do you protect yourself?

Malware and ransomware continue to have significant impact on individuals and organizations around the globe. Here are a few key things you can do to help protect yourself:

  • Backup your data
  • Use security software
  • Regularly update your software and systems
  • Be wary of email attachments
  • Educate your employees

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days