Q: One of my customers was recently hit with Cryptowall. They ultimately paid the price, coughing up a ransom totaling almost a thousand dollars (plus the added cost of downtime) to regain access to the encrypted files. How can I avoid dealing with a situation like this in the future? I want to make sure all of my customers are protected and know how to keep their businesses safe.
Ransomware is now considered a fact of life in today’s cybersecurity landscape. It’s a known threat, but that doesn’t mean people are protecting themselves from a potential ransomware attack, even though they’re aware of the risk. Often, users recognize a ransomware threat after it’s too late.
Take Cryptowall, for example. This form of ransomware was initially recognized in 2014 as a proof-of-concept ransomware and has since become a serious threat. It’s not uncommon to hear a small business owner say, “Oh, I think I got hit with Cryptowall.” In fact, Cryptowall and Teslacrypt, two of the more prevalent types of ransomware, have infected more than half a million PCs running Microsoft security software in the first half of 2015.
Since Cryptowall made its debut a year and a half ago, ransomware has become a commodity where Internet users can pay for access to the botnet used to deploy Cryptowall all on their own. While today’s more pressing security threats include massive data breaches and security holes in large corporation’s IT systems, ransomware hasn’t left the scene (heck, not even my Jeep Cherokee is safe anymore), and MSPs need to help protect their customers from it.
Whenever we get a question about cybersecurity and malware, we turn to Paul Hanley, one of our senior support engineers here at Intronis. Paul shared these tips for educating your customers about the threat of ransomware:
1. Put technical safeguards in place
As an IT service provider, you need to make sure each of your customers has the right technical safeguards in place to protect them from a cyberattack. But before you even think about preventative meaures, you need to have a backup solution in place and frequently test the backups running on your customers’ systems to make sure they’re working properly. If a customer is hit with ransomware, you’ll need to restore their operations as quickly as possible, and having a recent backup to recover from will save you both time and money.
There also are a number of specific things you can do to minimize the risk of a ransomware infection. As a best practice, have an intrusion prevention system and security software running on your customers’ computers. This should include antivirus software, firewalls, and spam filters. Then, make sure all security patches are up to date, and deploy new patches on a regular basis. Also, you should disable plugins on systems, specifically Flash and Java, wherever possible. We recommend scheduling a recurring meeting on-site with your customer so you can check to see if all these safeguards are working properly.
2. Train employees
Even when you have technical safeguards in place within your customers’ IT environment, it’s the employees who ultimately risk exposing the business to ransomware. User error is often to blame for inviting ransomware into a computer, such as an employee clicking on an infected online advertisement, pop-up window, or attachment in a spam email. Mobile devices are no longer immune to ransomware either, which has caused businesses to be cautious about allowing BYOD policies in the workplace.
For these reasons, the users are the most important line of defense, and that’s why you need to talk with your customers about ransomware, educating them on what it is and how they can defend themselves and their businesses. You can get all the employees together for a training session, and bring lunch to make it a Lunch and Learn event. If you’re unable to meet with them in person, you can create an online training program with videos that walk them through each lesson. Encourage your customer to require all their new employees to complete the training and offer it on an ongoing basis to avoid information being missed or lost. If you don’t have the resources to put this type of training together, you can always compile pertinent information in articles, guides, and quizzes and send them along in an email to the company.
Some small business customers will listen to your suggestions and learn what to be on the lookout for. These customers will run whatever security software you’ve installed and will know not to open an email attachment from an unknown sender.
Other customers might believe that a ransomware attack will never happen to their business. In this case, you will need to be more hands on and monitor their systems to make sure all the technical safeguards are in place and don’t get disabled. In either situation, be proactive and figure out what type of customer you’re dealing with so you can develop an appropriate and effective security policy.
3. Provide examples to end users
While you can tell your customers that they need to be careful when surfing the web or opening an email, you can’t guarantee that they’ll always respond appropriately. The most effective way to educate your customers on ransomware is to show them examples of what it looks like so they’ll know the warning signs and be able to identify a suspicious message or webpage.
Once ransomware has infected a computer, a message is displayed on the computer’s screen letting the user know that their machine has been compromised. Examples of these messages can be found here. It’s helpful to share this type of information with your customers so that, even if it’s too late, they’ll know to alert you and ask for help.
It’s also worthwhile to require your small business customers to administer a malware education test to their employees. For example, you can share SonicWALL’s phishing quiz with your customers, which includes examples of infected and legitimate emails and provides explanation of how to tell the difference.
Keeping Paul’s advice in mind, you should begin reaching out to your customers, offering a “health check” where you inspect their systems to uncover any security vulnerabilities. It’s important to start educating your small business customers as soon as possible because, as we all know, there are new cyber threats emerging each and every day. Without the users acting as the final line of defense, even technical safeguards won’t protect a small business from a ransomware attack.
Ask Intronis is a weekly advice column answering common questions from MSPs and IT service providers. It covers topics ranging from pricing and selling to marketing and communications—and everything in between. Submit your questions by emailing AskIntronis@intronis.com.