Over the last 24 months we have seen so many new viruses, trojans, and attack vectors that our minds are starting to boggle a bit. However, without doubt the most destructive of all is a variant called Crypto Locker. Basically, Crypto Locker gets into your system and immediately starts encrypting files, starting on the local machine and progressing to any server shares, NAS device shares, and even RDP sessions in some newer cases; it encrypts anything it can find. Once it has nothing else to encrypt, it spits up a smug message proudly stating what it has done and that you need to pay something to someone to get the decryption key.
It’s normally at this point we get the call. Invariably we go in and confirm that the files are now encrypted, and here is the bit that shocks everyone: there is ABSOLUTELY NOTHING WE CAN DO, with the sole exception of canning the network of all infected machines and restoring everything from a backup. Workstations have to be wiped and re-installed, data is invariably lost, and in one case no-one had bothered changing the backup drive for a month, and, you got it, it was encrypted.
Why do people do it? Well, the simple answer is money: Crypto Locker alone is suspected of generating millions of pounds in ransom fees. People pay it because they are scared, especially home users, or people without a backup who are desperate to save their data. Don’t be one of them.
To be successful in not losing your data to Crypto Locker you MUST employ a three-way defence strategy. Firstly, you should ensure every single system that connects to your corporate network has a good quality anti-virus installed, and this should include heuristic analysis and zero hour updates; these are features that you will not get with a “free” antivirus. Secondly, you must ensure you have a reliable rotating backup. We do perform weekly checks on all contract holder backup systems, but you are ultimately responsible for your company’s data and strategy. Thirdly, if you have people bringing in their own equipment such as laptops, phones, tablets etc., these can be carriers.
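A backup only helps if it is recent and was not itself encrypted, as in the unchanged-drive case above. The following is an added example, not part of the original post: a minimal check that reports how old a backup copy is and which files in it no longer look like real documents. The 7-day limit, the entropy threshold and the file-type list are assumptions chosen for illustration.

```python
import math, os, time
from collections import Counter

MAX_AGE_DAYS = 7      # assumption: mirrors a weekly backup check
ENTROPY_LIMIT = 7.5   # assumption: bits per byte above which data looks encrypted
# Expected leading bytes for a few common document types (illustrative, not exhaustive)
MAGIC = {".pdf": b"%PDF", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
         ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff"}

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def check_backup(root, now=None):
    """Walk a backup copy and report its age and files that look encrypted."""
    now = time.time() if now is None else now
    newest, total, suspect = 0.0, 0, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            total += 1
            newest = max(newest, os.path.getmtime(path))
            with open(path, "rb") as fh:
                head = fh.read(4096)
            magic = MAGIC.get(os.path.splitext(name)[1].lower())
            if magic is not None:
                # Known type: the header must still be the real file signature.
                if not head.startswith(magic):
                    suspect.append(path)
            elif entropy(head) > ENTROPY_LIMIT:
                # Unknown type: near-random content is a warning sign.
                suspect.append(path)
    age_days = (now - newest) / 86400 if total else float("inf")
    return {"files": total, "age_days": age_days,
            "stale": age_days > MAX_AGE_DAYS, "suspect": sorted(suspect)}

if __name__ == "__main__":
    import pathlib, tempfile
    with tempfile.TemporaryDirectory() as d:   # constructed sample backup
        pathlib.Path(d, "invoice.pdf").write_bytes(b"%PDF-1.4 sample")
        pathlib.Path(d, "accounts.xlsx").write_bytes(os.urandom(4096))
        print(check_backup(d))   # accounts.xlsx is reported as suspect
```

Compressed or media files whose extension is not in the list also have high entropy and will be flagged, so treat the suspect list as a prompt to open a few files by hand rather than as a verdict.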
I have long had the discussion with managers and directors who see no issue with giving people access to the “internet” via their Wi-Fi connection, which in principle is fine, but that should not be Wi-Fi connected to your organisation’s central data network, or you are opening yourself up to these devices being used as carriers for incoming viruses and trojans. They can also be used to steal data; most devices can accommodate a vast amount of storage space these days. Just think, SD cards are available in 512Gb, which for a small business could be a vast amount of data, if not an entire copy.
As the director, you are responsible for anything connected to your network, so for example if someone brings in a laptop which is full of “media”, which could cover anything from child exploitation, to pirated mainstream films and music, and they happen to be using some sort of peer-to-peer network sharing on that device, then who is responsible as it’s using your internet connection? Now just think, peer-to-peer network apps have been available on smartphones for some time.
What’s your point??
Well, I am trying to impress on middle to upper management that we are past the point, technologically speaking, where we can trust our company’s data security to the wind. There are so many things out there that are ready to screw over corporate networks and are specifically designed to take your money and steal your data illegally, and there is, in 99.9% of cases, absolutely no recourse. You have to take responsibility for your company’s data. I know, it’s nice for people to be able to use Facebook and FaceTime at work to stay in touch, but if you wish to provide this service to them, get a £20 per month Internet connection with dynamic IP set up away from your corporate network and let them use that. Keep the corporate network clean, and prevent any opportunity for foreign systems and devices to even connect to it. We can’t be responsible for a device that comes into your building from anywhere, connects to your network, and steals data or infects your company computers with a virus.
Does this scenario ring true in your office? Someone shows you and a group of others a questionable video on their mobile phone on some weird website you have never heard of. A few minutes later that phone is plugged into a USB socket on a corporate workstation “to charge”. That connection is also a data connection, and that user is now exposing your corporate network to everything the phone has picked up from dodgy Wi-Fi access points: the viruses, trojans, exploits etc. that it has ever come into contact with.
Pay for a decent, reliable, branded anti-virus with support, and ensure firewalls and routers are patched and rules updated on a minimum 6-month schedule. Educate your staff on what is and what is not acceptable usage of the corporate network. Turn off USB ports where possible, and have public-access wireless internet installed away from your core network, which can also provide ports for sales reps etc. who come in and want internet access. We understand the need for people to be connected; we also understand first-hand the dangers this brings to each and every business.