Got Ransomware? 6 Tactics To Protect Your AEC Firm (TODAY)
As the owner of an AEC firm, you have your priorities. It’s not easy to keep information technology and digital security on the top of your to-do list.
Those of us who focus 100 percent of our time on IT and security respect and appreciate the work you do best. You make our world a beautiful, functional, sustainable, and efficient place to live. You should continue focusing on that without worrying about what might happen to your data. You don’t want the fear of losing your firm and your work to keep you from doing what you do best.
Recently, you’ve probably heard about WannaCry Ransomware, a well-publicized virus sweeping through the global information network. Ransomware is a computer virus that spreads across your network and takes all of your files hostage (renders them unusable) until the ransom is paid.
When things like this happen, it provides us with an opportunity to talk about protection. These cost-effective techniques can be easily implemented with the help of your managed services partner.
Why Worry About Ransomware?
Ransomware and viruses like it can impact your productivity, your profits, and your reputation.
Lost Productivity = Lost Revenue
Business disruption and productivity costs are the worst threats. According to a 2016 SentinelOne study, it takes an average of 33 hours to recover from a Ransomware event, and that’s if the recovery goes well. It can take 72 hours or more if there are additional problems or setbacks. Three days to recover is too much downtime for your company. Here’s what it can mean for a sample AEC firm:
- 15 employees charge an average of $100/hour and work an average of 6 billable hours per day.
- $100 x 15 people x 6 hours x 3 days = $27,000.
That’s $27,000 in lost revenue without considering other hard costs like IT provider fees, which can be at least $5,000 to $7,000, or paying the ransom which can be anywhere from $1,000 to $25,000. If your firm has more than 15 employees, the costs continue to grow.
Lost Reputation = Lost Projects = Lost Revenue
A Ransomware infection can lose bids. We know of three different companies that lost work because of this problem. Ransomware infections can be flagged by security audits routinely performed during the bidding process for government, healthcare, and other commercial projects. If you fail that audit, you won’t be considered. Companies aren’t going to put their own IT security at risk to work with you.
Protecting Your Firm
Strategies can be as simple or complex as you need. These techniques will give you the most protection for the smallest amount of effort or investment. With these things in place, you can get back to what you do best without worrying about IT security.
- Update Your Anti-Virus Capabilities
Make sure every endpoint and server has an up-to-date anti-virus system running. Use a product that is business rated (not free) and centrally managed. Make this a priority with your IT person. Your managed service partner usually includes this protection as part of their services.
- Provide User Education
You can never underestimate the benefit of education, as long as the education is good. Conducting regularly scheduled training sessions, such as monthly lunch-and-learns is a great way to get your users engaged and aware. Go over the latest threats in the news and break down a few examples of email and links to watch out for. Invite your IT provider to put the conversation into context and provide more expertise.
- Keep your Servers and Computers up-to-date
There is a reason why Microsoft releases patches for the Windows OS and its applications every month, and so do other application vendors. The patches are designed to eliminate security risks that may have been recently found. Ask your IT resource or work with a managed services partner to ensure that every machine is patched to the appropriate levels on a regular basis. Most managed service providers include this service in their package free of charge.
- Make Backup a Priority
Ask your IT person to review backup logs daily and perform test restores weekly. Use an online or cloud backup storage option to keep your data off site, in case of a fire, flood, or other major localized disaster. If you have an IT partner, they should include backup management and cloud backup as part of their services.
- Advanced Threat Protection for Email
Ransomware can find its way into your firm in three major ways. Email is one of them. Although most businesses now have some basic form of email scanning at the outside of their network, it doesn’t always provide protection against the latest threats out there. Advanced threat protection for email ensures protection against the latest threats by examining each attachment prior to forwarding it. Work with you IT partner to get the recommended solutions.
- Advanced URL Filtering
Many Ransomware viruses get on your computers and servers and sit dormant for up to a year, waiting for a signal from the internet. You may have been infected already but don’t know it yet. Advanced URL filtering looks for any unknown patterns of communication out to the internet, and blocks anything that looks suspicious, preventing the virus from ever activating itself. It also offers real-time learning and updating capabilities. Again, only a few products offer this functionality, so talk to your IT provider to get more details.
Hopefully, you will read this in time to save yourself and your company from a Ransomware infection. I strongly recommend you implement these simple functions, and as always – contact us with any questions you may have. Keep your data safe and your AEC firm running!
Trends and more in Your Inbox