- August 3, 2017
- Posted by: David Thornton
- Category: Business Advice, Cybersecurity, Employee Education, Productivity, Ransomware
Dispelling myths and misconceptions about malware and cyber-crime is necessary to help business owners and managers better understand their network environment, their employee’s use of company assets, and the threats to their network that can severely limit productivity and cut into profit margins. Here are 5 common myths about malware that can help your business avoid the mistakes other companies have made.
1. I don’t need an IT person. I only use MAC computers!
Apple products are still vulnerable to attack by cyber-criminals. Many businesses preferred PC’s because they were more customizable. Attacks on Apple products are on the rise. The first case of Ransomware on a Mac occurred in 2016. Cyber-criminals don’t care what type of computer you buy or what type of operating system you have.
2. My employee’s computer has malware. Bet they were on an adult website!
The prevalence of malware is so incredibly high that it is virtually unavoidable. According to Kaspersky Labs, there are 323,000 new samples of malware found every day! The only way you can avoid malware is to use an “air-gapped” computer. Air-gapped means that the computer has never been connected to the internet. The internet is a great resource for sharing information at light speed. Most businesses are dependent upon the reliable flow of information that the internet provides. Think not? Turn off your router when you go into work tomorrow and let me know how it works out for you. The presence or absence of malware is not a reflection of bad or inappropriate behavior.
Psst…as an aside, the adult website is probably safer than the website of your business, your favorite restaurant and your church. Adult websites invest in cyber-security because (1) they can’t afford downtime, and (2) their entire income is reliant on staying up (Oh no, he didn’t!).
3. My business is too small. Cyber-criminals aren’t interested in me.
Criminals don’t operate that way. A criminal doesn’t examine your P&L before deciding whether to target your business. The cyber-criminal likely doesn’t even know anything about your company. Cyber-criminals operate differently. They attach their malware to an email and send it out a million times across the world. If they get a click rate of 1%, that’s 10,000 victims. The average Ransomware demand has been on the rise lately, but for the sake of argument, let’s make it $500.
10,000 * $500 = $5,000,000.
$5 million while sitting at their computer with none of the worries that many street criminals face. Many operate in overseas countries with no extradition treaty, so they are well outside of the reach of the FBI. No risk of prison. Considering that this process is mostly automated and requires very little technical knowledge, they can make $5 million incredibly quickly with minimal skill!
4. Only $500? Paying the ransom is cheaper than paying you to secure my network!
If you factor in only the amount of the ransom, it is probably cheaper just to pay it. If that were the only factor, I would tell you myself to pay the ransom. There are some other factors that you need to weigh before you dole out that money though.
a. Paying the ransom doesn’t guarantee that you will get your data back.
How much is your data worth to your business? What if you pay the $500 and they won’t or can’t give you the data back? How well can your business operate without your Quick-books or other financial files, your business contacts, and your customer information? Last year, 25% of business owners paid the ransom and never recovered their data.
b. Paying the ransom isn’t a simple process.
Most of the cyber-criminals want payment in crypto-currency like Bitcoin because it is untraceable. Setting up a bitcoin account and purchasing the necessary amount to pay the ransom is not a simple process. It might take days just to complete the bitcoin purchase. How many of your employees rely on their computers and data to be productive? Multiply that times the average hourly wage of those employees. Now, multiply that times the amount of time it takes to get your computer back in service. Factor in the loss of revenue for notifying your customers of a data breach and providing them with credit monitoring. Now you are getting a better idea of the true cost of Ransomware.
c. Who are you paying for your data?
The people that are engaging in this activity are foreign government agents and multi-national corporations. These cyber-attacks, while easy to do, are not being carried out by the pimply teenager in his Mom’s basement. Our nation’s enemies are funding, ordering and carrying out these attacks. (In all fairness, we are probably doing it to them also.) When you think about giving $500 to a cyber-criminal, think about donating the money to Vladimir Putin, China, and members of the ISIS (or ISIL). Does it still sound like a good idea?
5. The biggest threat to my network is malware.
The biggest threat to your network are actually your employees. A 2015 study estimated that employee cyber-security training can reduce threats by anywhere from 45-70%. Of course, the training must be good quality, and should be followed up with regular testing. The end result, however, is invaluable. I can work with you to build layered security designed to protect your network, but what good is it if one click by an employee can bypass it? Educating employees is a relatively inexpensive endeavor, and they can use what they learn to avoid problems on their personal IoT devices. So, a win/win! Companies such as KnowBe4 provide online training and testing resources to help you at very affordable prices. As reseller partners of KnowBe4 training, we can manage the training and testing for you and still save you money on their normal pricing (limited to the Tampa Bay area).
Investing in cyber-security is one of the few things that our politicians agree on as a need. While they are fighting over the details, why leave your business vulnerable? Call A Better Choice Network Solutions at (813) 605-7251 today to schedule a free, no obligation consultation.