How many of us have experienced difficulties in opening an important file, or found you’re unable to access some data you need, or even experienced a hard drive failure which had important documents or photos stored on it? Now imagine that all your important data was unavailable and how that would impact on your business continuity.
At the WCRC we often focus on the importance of strong passwords, using multi-factor authentication (MFA), and recognising phishing attacks as a cybercriminal may try to crack your password or send a phishing email to deploy a type of malware called ‘ransomware’.
Ransomware causes your data on your computer and wider network to be encrypted, meaning you can no longer access it. You will likely receive an on-screen notification from the cybercriminal, explaining the ransom and how to make the payment to unlock your computer and regain access to your data. Payment is usually demanded in a cryptocurrency, such as Bitcoin. But if you have a back-up then you are in a position to ensure your business can continue to operate.
Although ransomware is one reason why it is important to create a backup copy of your important data, it also applies where your device is lost or stolen, or your device breaks, or the data on your device is accidentally deleted or becomes unreadable.
When you make a backup, make sure it is stored in a separate safe location, whether that is on the internet (known as cloud storage), or on removable media (such as USB stick, SD card, or external hard drive). This is important as we have spoken to Welsh businesses that were creating backups, but not keeping them separate to their main network/computer, and as such were of no use when they suffered a successful ransomware attack as these ‘backups’ were also encrypted.
Once you've made a backup, if you lose access to your original data, you can restore a copy of it from the backup. As a rule of thumb, you should back up anything that you value. That is, anything that would inconvenience you - for whatever reason - if you could no longer access it.
On World Backup Day (31 March) everyone is encouraged to be prepared for data loss and data theft and to backup and better protect their data. So, if you aren’t already backing up now is the time to start.
If you want to learn more about backing up your data, then the National Cyber Security Centre provides guidance on this topic. There are also links to the major providers' instructions for backing up files using their cloud storage solutions. Most providers support regular automatic backup to a connected cloud storage account and can backup your data daily/weekly (or when new files are added to specific folders).
If you do fall victim to a successful ransomware attack then you are the victim of a crime and should contact Action Fraud to report it.
Unsure of the signs of ransomware, phishing attacks or any other cybercrimes? The WCRC offers security awareness training aimed at those with limited or no previous cyber knowledge. The session will help you and your staff better understand how incidents happen and how to build defences against threats. To book a session or to see how we can help, please contact our team.