It was a typical Tuesday morning at a professional firm for which I managed IT services. Employees arrived at the office and turned on their computers only to find that they were locked out of their corporate and customer files. This was no IT snafu. It was a cyber attack in which criminals managed to sneak malware onto the system via a phishing email. The malware hidden in the email attachment infiltrated the system and encrypted numerous types of Windows files. This not only exposed sensitive data to outsiders, from customer Social Security numbers to corporate business plans, but also blocked employees from all data, effectively preventing them from working. They were essentially locked out of files on the network and in Dropbox accounts.
Luckily, in my more than 15 years in IT — as an IT contractor before Peterbilt hired me to head in-house and outsourced IT services — this scenario has been rare. Unfortunately, 18 months ago this was a reality when the ransomware dubbed “CryptoLocker” hit businesses around the globe, including some of our customers in Reno, Nevada.
CryptoLocker is what is known as ransomware. The malware spreads via email attachments and infects Windows machines. Once activated, it encrypts files on local hard drives and mapped network files. At this point, there are two things a victim can do: pay the ransom fee with Bitcoin to retrieve the decryption keys and hope the criminals unlock the data, or erase the system and restore from a secure backup.
Because the impacted professional firm relied on Dropbox to store files and hadn't properly backed up its data, the company did the only thing it could do: it purchased Bitcoin and paid the fee. Even then, the company's data was not restored.
Less than two percent of CryptoLocker-infected organizations go through the hassle of getting Bitcoin and paying the ransom fee, and most who pay never see their data again. That leaves endpoint backup as the only solution to proactively protect against ransomware threats. Unfortunately for this firm, CryptoLocker caused such huge financial losses and harm to its reputation that it went out of business in less than a year. On the other hand, another client hit by CryptoLocker was hardly affected because it used an enterprise endpoint backup solution (in this case, CrashPlan from Code42) to protect all endpoint data.
CryptoLocker and other ransomware and malware pose severe threats, and they're exacerbated by the increased use of public clouds. Employees store sensitive corporate data using services like Dropbox and regularly move data from work accounts to their personal accounts for easy access from home or a coffee shop. These services lack the security features that enterprises need, such as strong encryption and enforced strong passwords.
My motto has always been “a good offense is the best defense.” I encourage IT to be proactive about data protection, rather than reactive. Here are four basic things IT leaders can do to help keep endpoint data secure, no matter where it resides:
- Protect data on laptops and desktops with an enterprise-grade endpoint backup solution.
- Provide a secure alternative to consumer-grade sync/share tools.
- Create a carefully written BYOD policy and update as needed.
- Specify data security policy controls on personal cloud accounts—you may even wish to restrict use of personal cloud accounts for work purposes.
- Enforce strong passwords.
The saying “better safe than sorry” rings true when it comes to data security. Malware is getting more effective at sneaking into systems, stealing data and now even locking employees out of their files forever. A good backup and recovery system is more than just an emergency plan for the usual outages and inadvertent employee data deletions. It's insurance against the financial and other losses that hit a company when the unexpected does happen.
Todd runs the IT division of Peterbilt Truck Parts & Equipment, which provides service to about 100 users at the truck dealership and acts as the local IT shop in Sparks, Nevada, for 45 small business customers.