The biggest mistake companies and individuals make when thinking about cybersecurity is assuming that nothing disastrous will ever happen to them, says Dale Dresch, IT audit manager for Maloney + Novotny, a business advisory and certified public accounting firm.
“People say, ‘I’m not big enough. No one is interested in me.’ But it doesn’t matter if you are a multimillion-dollar company or a small city municipality or a school district,” says Dresch. “People are getting hit with ransomware. It goes in cycles. For a long time, ransomware was a big thing, and then it tapered off because we got better at patching and other solutions. But it’s back with a vengeance.”
The payment to have your data unlocked by the cyber thieves who stole it is now about $35,000 per incident, according to Dresch. There is only a 50 percent chance you will get the information back even after you pay, and if you don’t fix the hole, the cyber thieves will be back in six months. Nine out of 10 times, ransomware bullies are never caught, basically because the cost to track them down in foreign countries that don’t cooperate with extradition or investigations is prohibitive.
“The only 100 percent guarantee that you will recover your data is if your backup works. Here, we follow the 3-2-1 system that includes three different backups, including one off-site,” says Dresch.
“All your employees must be trained to recognize phishing and anything out of the ordinary. You don’t want them to interpret a situation while it’s happening. You don’t want them to do something that will cause all your information to be blocked. One of our large clients was down for two weeks while it recovered its information because they decided not to pay ransom. They thought all employees had been trained. But that wasn’t the case,” says Dresch, who also recommends cybersecurity insurance in many instances.
“Ransom is often expected to be paid in Bitcoin. I don’t have a Bitcoin wallet, but an insurance company can usually handle that,” says Dresch.
Unlike in the movies, Dresch says most cyber thieves aren’t dressed in hoodies and huddled over a computer ready to jump over your firewall.
“If someone wants to get into your computer, they probably will. But you don’t have to just throw up your hands and say there is nothing you can do. There are things that can help.”