Ransomware attacks are now a global threat. Between 2019 and 2020, attacks rose by 62% worldwide according to the 2020 Internet Crime Report. Attacks like the Colonial Pipeline in May 2021 are high-profile cases that garner media attention, but SMBs and facilities of every size are now targets of cyberthieves.
Hospitals and medical facilities are favored targets because they house sensitive medical records. Facilities like these are in no position to bargain with cyberthieves, and they end up paying hefty ransoms to recover sensitive information. And the financial fallout from ransomware attacks is significant, with security experts estimating global ransomware losses to hit $20 billion in 2021, which is 57 times the cost just five years ago.
There’s a lesson to be learned for facilities managers: letting your properties become vulnerable to a ransomware attack is costly. Instead of paying cyberthieves, invest resources into mitigating your risks: shoring up your IT services, educating staff and creating response plans.
What is Ransomware?
Ransomware is a type of malware that enters your computer system and/or network and encrypts your data. Users lose access to files, applications and/or their databases. To decrypt the data, cyberthieves demand a ransom, and if the ransom isn’t paid, the data is destroyed.
Ransomware finds its way into most systems through direct attacks on software weaknesses or by exploiting human error through phishing emails. Once it infects your system, ransomware is programmed to spread to connected devices, encrypting more documents, spreadsheets and photos as it grows.
Train Staff on Cybersecurity Best Practices
Cyberthieves exploit human weakness to gain access to your data. It only takes one staff member clicking on the wrong email link to put your building data and tenant info at risk. That’s why beefing up your team’s cybersecurity skills is a top priority. Cybersecurity habits like these help you avoid many types of computer viruses and malware.
Updating Operating Systems
Operating system (OS) updates patch known security weaknesses and deliver the latest virus signatures and definitions. Older versions don’t, which makes them more vulnerable to cyber attack. Have your team set up automatic updates for their Windows and macOS systems and installed programs. That way, forgetting isn’t an issue.
Identifying Phishing Emails
Email is a common entry point or “attack vector” for cyber criminals to deploy malware, and humans are notoriously susceptible to their exploits. Train your staff how to identify a phishing email to keep your network free of ransomware.
Creating Strong Passwords
Weak passwords let cyberthieves walk right into your facility network. Unfortunately, too many employees opt for weak, yet popular, passwords like “123456” because they’re easy to remember. Teach your team the simple steps of creating a strong password or consider investing in a password manager, which automates the process of creating and remembering strong passwords.
Turn on Two-Factor Authentication
Remind your team to implement two-factor authentication when possible. Turning this feature on adds an extra layer of security by requiring users to identify themselves with a mobile device or an authentication app. Each user typically confirms their sign-in with a PIN or a biometric scan such as a fingerprint.
Back Up Your Data
Since ransomware targets your data, backing it up can help mitigate losses from encryption. Still, data backup has its limitations: it can’t protect you the way anti-malware software can, but it does offer the insurance of data replication. In other words, it’s an after-the-fact solution rather than real-time protection.
The first step in building effective backup is making sure you are backing up ALL your data. Some FMs may manage multiple facilities, each having separate databases and devices. Do you know where your critical info is stored? What about your team members? Are those with assigned devices backing up their data correctly? Critical data can easily be overlooked, which is why experts suggest conducting a data audit.
Data storage experts often advise businesses to follow the 3-2-1 Rule:
- Make 3 copies of your facility data (a production copy and two backups).
- Store your copies on 2 different media types (e.g., USB Drive, CDs, magnetic tape).
- Keep 1 copy offsite from your facility.
Ransomware moves throughout your system, and any connected devices are susceptible. The intention of the offsite rule is to “air gap” your data, removing it from the network completely. Cloud storage is considered “offsite” but is susceptible to the same attack if backups are updated too quickly. In other words, your cloud storage could begin backing up already encrypted data before you become aware of the attack. This is a risk for most backup systems, which is why physically disconnected storage is essential.
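The failure mode above, a backup job that faithfully copies already-encrypted files over good ones, can be caught before the offline copy is rotated. The check below is an added example, not from the article: it compares a candidate snapshot with the previous one and refuses rotation when too many files changed at once or when documents that used to look like text suddenly look like random ciphertext. File contents, paths and thresholds are constructed for illustration.

```python
"""Gate a backup rotation on how much, and how, the data changed."""
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def assess_snapshot(previous: dict, current: dict,
                    max_changed_ratio: float = 0.5,
                    encrypted_entropy: float = 7.0) -> dict:
    """previous/current map path -> contents. Returns a rotation verdict."""
    changed = [p for p in current if previous.get(p) != current[p]]
    suspicious = []
    for path in changed:
        old = previous.get(path)
        # A file that used to be text-like (low entropy) and is now near-random
        # is the classic signature of in-place encryption. Files that were
        # already dense (photos, archives) are not flagged on entropy alone.
        if old is not None and shannon_entropy(old) < 6.0 \
                and shannon_entropy(current[path]) >= encrypted_entropy:
            suspicious.append(path)
    ratio = len(changed) / max(len(current), 1)
    return {
        "changed_ratio": round(ratio, 2),
        "suspicious": suspicious,
        "safe_to_rotate": ratio <= max_changed_ratio and not suspicious,
    }


# Constructed sample snapshots (hypothetical paths, not real facility data).
CIPHERTEXT = bytes(range(256)) * 2              # stands in for encrypted output
GOOD = {
    "leases/unit-101.txt": b"Lease agreement for unit 101. Term: 24 months. " * 4,
    "hvac/maintenance.csv": b"date,unit,task\n2021-05-01,RTU-3,filter change\n" * 4,
    "photos/lobby.jpg": bytes(range(255, -1, -1)) * 2,   # dense but legitimate
}
BENIGN_EDIT = dict(GOOD)
BENIGN_EDIT["hvac/maintenance.csv"] += b"2021-05-08,RTU-1,belt check\n"
ENCRYPTED = {p: CIPHERTEXT for p in GOOD}       # every file overwritten at once

if __name__ == "__main__":
    print(assess_snapshot(GOOD, BENIGN_EDIT))   # safe_to_rotate: True
    print(assess_snapshot(GOOD, ENCRYPTED))     # safe_to_rotate: False
```

A real job would run this against the previous snapshot's manifest and hold the offline copy untouched when the verdict is unsafe, which is the point of keeping one copy physically disconnected.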
Get Ransomware Detection Software
Cloud-based companies like Microsoft build ransomware detection into their online storage platforms (e.g., OneDrive), but if you’re not using cloud-based storage, this doesn’t help. For an added layer of protection against malware, invest in cybersecurity software that meets your needs and budget. Most major cybersecurity software brands include ransomware protection and decryption tools within their plans. While anti-malware software isn’t a replacement for good cybersecurity habits and data backups, it does add redundancy to your defenses.
Include Ransomware in Your IRP
Ransomware attacks are high-pressure situations. Time is critical, and decisions have to be made on the fly. So preparation is key. Ensure your incident response plan (IRP) includes ransomware mitigation strategies. There are several basic steps most experts agree businesses should take when attacked by ransomware:
- Don’t pay the ransom. Experts say paying only puts you at risk of being targeted again. Plus, acquiescing only makes the problem worse for everyone else by financially incentivising the criminals.
- Disconnect devices. Your first move is to stop the malware from spreading. Disconnect your devices from your network and the internet. Unplug ethernet cables. Remove storage devices like thumb drives. Disable wireless connections (Wi-Fi) on your mobile devices.
- Get evidence. Take photos (with an uninfected phone) of the ransom notes and any correspondence with the thieves.
- Run a malware scan. Use the Task Manager on your Windows 10 devices to run a scan for ransomware. Shut down any Apple devices.
- Reset passwords. Change your passwords for your admin accounts.
- Get help. Solicit professional IT services for advice or help. You will likely need their services to ensure your network and devices are free of malware before reconnecting.
- Report the incident. Government cybersecurity agencies like CERT (NZ) can help you navigate the incident, record the attack and notify other businesses of the threat. Other reporting agencies include IC3 (US) and ActionFraud (UK).
At some point, you may want (or be legally required) to notify your tenants of the data breach. If there is a potential for the malware to spread to your tenants’ networks, early notification will help their office managers execute their own IRPs. If cross-contamination is a low risk, you might move notification to a lower priority. Consult legal experts about your specific reporting requirements and adjust your IRP accordingly.
For more information and steps to include in your ransomware IRP, visit the National Cyber Security Centre (UK) and the Australian Cyber Security Centre.
When protecting your facilities from malware attack, think in terms of “layers” of protection. You and your team members are the first layer of defense. Your antivirus software is another. The more stopgaps you have, the better your chances of avoiding infection. It pays to invest a little time and money up front rather than deal with the fallout from a successful hack. And remember, when it comes to ransomware, you’re not an island. Successful criminals go on to rip off other businesses, so your action or inaction directly affects the profitability of others.