Is there recovery from ransomware?

That really does depend on you.

A ransomware attack can happen to anyone, at any time and on any system.

If you think “it will not happen to me” then you could have a problem.

Ransomware is the scourge of cybercrime.

It can be enacted by people who have no technical knowledge and are just following a script and system that was downloaded from the internet.

It can be enacted by sending a couple of thousand emails to a list of people that they purchased on the internet.

It can be enacted by targeting a group of internet addresses that they thought would be lucrative.

There used to be a thing called “security by obscurity”, where you could hide on the internet and were relatively secure.

That capability is no longer a viable defence strategy.

If you think you will never be targeted, that you are too small or have nothing worth stealing, and you do have a cyber event, there is little chance of you being able to recover.

But

If you have a different attitude.

If you think the opposite.

Then there is a chance that you will not be a victim.

If you think that you could be a target then you are already thinking about your response.

You are already thinking proactively.

You are ready to think of contingencies.

Even if you do have a ransomware attack then you already know and your team already knows what to do because you have thought about it.

You have plans, processes, procedures and policies in place.

If you have tested them and improved on them then that makes it even more possible that you will survive.

The old adage “expect the best but plan for the worst” applies today against the cybercriminal.

Free 60 minute webinar for managers, owners, C-suite executives and board members of not for profits, charities, associations and SMEs

Why would you listen to me about business security and business protection?

At the moment we all need all the help we can get.

I need help in marketing, sales, management and many more areas, actually too many to mention.

Most people on the other hand are really good in these spaces.

Like you I have expertise and mine is security.

This expertise was born from a love for all things computer and digital more than 35 years ago.

I cut my teeth on mainframes, 10 kg disks and programming in Fortran.

I then transitioned into spaces occupied by Amiga (blast from the past), Windows and Apple.

When I left the navy and in my new civilian learnings I earned a large number of vendor certificates.

That got me jobs in ISPs, networking, managed services and security.

Like everyone else, I thought I knew it all.

I didn’t.

In 2008 I was hacked and I discovered that my intimate knowledge of these systems only just saved me from losing a substantial amount of money.

It made me realize that with all of my knowledge when it comes to security and protecting my assets, I was a babe in the woods.

If I was an easy target, then the rest of the cyber and digital users were just plain easy.

So I dived into this space and 4 years later I was quite an accomplished hacker and I wrote the book “Business security basics”.

Working at times for 24 – 48 – 72 hours straight, which drove my wife mad, I gained an intimate knowledge of what they could do, how they could do it and why we need to learn all we can about it.

In 2014 I wrote another book “Cybercrime a clear and present danger”, we developed (and continue to develop) business security systems and requirements that move organisations from easy target (sitting ducks) to a lot better protected (moving targets).

The next book, “From sitting duck to moving target”, should be released next year.

I realized that everyone needs help in this space.

So here is an easy way to learn what you need to do to protect your organisation.

At no cost, except for an hour of your time, let me show you what you need to do for your business to protect it from today’s cybercriminals.

Sign up for the FREE 60 minute Friday webinar happening tomorrow at 1030.

I look forward to seeing you.

GDPR, the NIS directive, the Australian Privacy Policy and SMEs – how big is the impact?

Do you understand the universal implications of the EU’s GDPR (General Data Protection Regulation) and the new Australian Privacy Policy?

If you have been following the introduction of these regulations then you know.

You would realise how big an issue this is going to be. You would also realise that you may not have the time, money or expertise to implement a protection plan.

You may know but you may have thought it has nothing to do with you or your organisation.

You would be wrong.

These regulations are going to have a profound effect on businesses and organisations, not just in the European Union and Australia but all over the world.

Strict protection and compliance is the name of the game, but for most of the SMEs in Australia, where “she’ll be right” is the foremost thought when it comes to compliance, there are going to be some serious issues.

The regulations ensure that all EU personal data collected by an organisation is to have the same governance and compliance around it as if it were managed by an EU organisation.

“But I am not in the EU,” you say.

The regulations apply to any citizen of the EU in your database.

With the internet making every organisation global, how do you stop it from happening to you?

You could geofence your web site, but there are always ways to get around it if someone wants to purchase your product.

This is a major issue.

The impact – get hacked, pay huge fine, go out of business!

The GDPR and the Australian Privacy Policy are going to ensure that you can significantly damage your organisation if you do not put something around it to comply with the regulations.

I have been harping on about compliance and business security for the last 13 years.

This is what you need.

Get a framework!

Any framework will do but I recommend NIST.

NIST, compliance and business frameworks are not easy to implement, manage and control but they have to be done to protect every organisation from a cyber event.

Some of the questions you need to ask are:

  • Who do I know who can help with a framework
  • How much will compliance cost
  • How much would a breach cost
  • How complex is the job of implementation
  • What risks do we have to mitigate, remove or remediate
  • What do we have to do to comply with GDPR and the Australian Privacy Policy

What answers did you get?

For your next step talk to me.

 

Roger Smith is funny, scary, on point and is focused on one thing – increasing everyone’s awareness and understanding of the problems and issues associated with the digital world.

He is the winner of the worldwide 2018 Cybersecurity Educator of the Year award and was runner-up in 2017.

He is a highly respected expert in the fields of cybercrime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity) on Cybercrime, Cybersecurity and the hacking techniques used by the digital criminal.

He is an Amazon #1 selling author on Cybercrime with his best selling book, Cybercrime a clear and present danger, going to number one on Amazon.   

He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox which is given away for free at the BSI.   He is a speaker, author, teacher and educator on Cybercrime and an expert on how to protect yourself, your staff, your clients and your intellectual property from the digital world.

Letting an IT manager go, how do you do that?

One of the worst situations that you can be in is an acrimonious separation of an IT person from an organisation.

A bad separation, just like a bad divorce, can have a significant impact.

Large organisations have systems, policies, procedures and processes in place that protect the organisation, when they are used of course. If followed they protect the organisation well.

SMEs on the other hand have different problems.

We have come across smaller organisations that still have old staff members on the books with full administrator access to everything that is still being done in the organisation.

The problems this creates can be huge.

They have access to privileged accounts: accounts that can do anything in the organisation’s digital world.

Just a few ideas of what they can do!

  • They can steal your trade secrets and take them / sell them to your opposition.
  • They can steal your client list and use them for a number of bad things – competition, blackmail, sabotage.
  • They can cause software issues, lock outs and shut downs
  • They can lock legitimate users / all users out of the organisation.

Another problem!

In most cases the IT person is there because they know computers.   They were allocated the role when they joined and you may even have paid for some education and training packages to make them better.

This just puts them in the position of holding the keys to the kingdom.

If you are going to remove an IT person from your organisation, the best thing you can do is outsource your IT, for a short time or indefinitely. The outsourced provider has the expertise to protect your organisation and is under contract to ensure your systems are safe.
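The problem described above, departed staff who still hold administrator access, can be found by comparing the HR roster with an export of accounts. The following is an added example, not part of the original post; the CSV columns, group names and sample rows are constructed for illustration.

```python
import csv
import io
from collections import namedtuple
from datetime import date

# Constructed sample data. Column names, group names and rows are assumptions
# for this example, not the export format of any particular product.
HR_ROSTER = """\
employee_id,name,status,end_date
1001,Alice Ng,active,
1002,Bob Tran,terminated,2023-03-31
1003,Carol Diaz,active,
1004,Dev Patel,terminated,2024-01-15
"""

ACCOUNTS = """\
username,employee_id,enabled,groups,last_login
ang,1001,true,Staff,2024-05-02
btran,1002,true,Domain Admins;Staff,2024-04-28
btran-adm,1002,true,Domain Admins,2023-02-10
cdiaz,1003,true,Staff;Backup Operators,2024-05-01
dpatel,1004,false,Staff,2024-01-10
svc-backup,,true,Backup Operators,2024-05-03
"""

# Groups treated as "keys to the kingdom" (assumed names; adjust to your directory).
PRIVILEGED_GROUPS = {"domain admins", "administrators", "backup operators"}

Finding = namedtuple("Finding", "username severity used_after_departure reason")


def load_rows(text):
    """Parse CSV text into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def audit_accounts(roster_csv, accounts_csv):
    """Flag accounts that should have been closed or reviewed at offboarding."""
    staff = {row["employee_id"]: row for row in load_rows(roster_csv)}
    findings = []
    for acct in load_rows(accounts_csv):
        enabled = acct["enabled"].strip().lower() == "true"
        groups = {g.strip().lower() for g in acct["groups"].split(";") if g.strip()}
        privileged = bool(groups & PRIVILEGED_GROUPS)
        owner = staff.get(acct["employee_id"])

        if owner is None:
            # Shared or service account: nobody owns it, but a departing
            # IT person may well know its password.
            if enabled and privileged:
                findings.append(Finding(
                    acct["username"], "REVIEW", False,
                    "privileged account with no owner on the roster; "
                    "change its password whenever IT staff leave"))
            continue
        if owner["status"] != "terminated":
            continue

        left_on = date.fromisoformat(owner["end_date"])
        last_login = acct["last_login"].strip()
        used_after = bool(last_login) and date.fromisoformat(last_login) > left_on
        if enabled:
            severity = "CRITICAL" if privileged else "HIGH"
            findings.append(Finding(
                acct["username"], severity, used_after,
                f"still enabled although {owner['name']} left on {left_on}"))
        elif used_after:
            findings.append(Finding(
                acct["username"], "HIGH", True,
                f"disabled now, but used after {owner['name']} left on {left_on}"))
    return findings


if __name__ == "__main__":
    for f in audit_accounts(HR_ROSTER, ACCOUNTS):
        flag = " (USED AFTER DEPARTURE)" if f.used_after_departure else ""
        print(f"{f.severity:8} {f.username:12} {f.reason}{flag}")
```

Any account reported as used after the departure date is a matter for incident response, not just clean-up.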

WordPress Security – The important stuff!

But it’s just a website!

It has nothing of importance!

We are just telling people what we do!

We just threw it together on WordPress because it looked OK, pretty cool eh, what do you think?

These are some of the reasons and responses that most organisations give about their websites. They do not consider their website an important component of their business security.

All of these reasons are BULL.

The damage that a compromised website can do to your reputation, your brand, your customers, your staff and your organisation in general can be devastating.

How can it have such an impact?

In today’s world everything is automated.

From building cars to putting together modem routers, it is all automated, created by robots or done with no human intervention.

Just set and forget!

In this world a bored teen with minimal parental supervision, access to the internet and access to a computer, tablet or smart device can download any number of automated systems that can and will target any website.

Why?

Just because they are attached to the internet.

Bored teenagers and hackers alike don’t even break a sweat… Download… Copy… Paste… Hack!

It’s just that easy!

Automated systems target everyone!

That is why a Million+ Sites were Hacked or Defaced by Exploits in the last 12 – 18 months.

Once again attached to the digital world = target!

WordPress security can be very easy as well as exceedingly difficult.

Like any required expertise, anyone can do it but it takes an expert to actually secure a website properly.

Just 1 Bad Plugin or Update & Your Site Is Theirs!

What about Google?

If your website is infected and starts delivering malware to your visitors then you’ll Get Blocked by Search Engines for hosting…A Fake Store, An Attack Site or A Phishing Site…

This will have significant impact on your site especially if you are spending money on SEO.

The all-encompassing world of search, especially Google, can have a significant impact on your website through search engine optimisation (SEO).

I spoke about reputation in general, how about Brand in particular?

The impact on your reputation, brand and ability to create revenue can be significant.

Your Site, Your Reputation, Your brand, Your Rankings & Your Domain Value Destroyed literally overnight and in a lot of cases it will not register on your business.

The problem could be seen as a change in Google’s algorithm.

How big an impact would a significant drop in search visitors have on your organisation?

The significant drop in visitors could be attributed to the blacklisting of your site.

Anyone going to your site will get the Google precaution web page – proceed past this point at your own risk. How many people are going to go against that message? Only 10%.

It’s Going To Cost You Days & $1000’s To Restore, De-Blacklist + Re-Rank.

So that cheap and cheery website that you put up is now having a significant impact on your organisation.

Significant impact on your cash flow!

Significant impact on your revenue!

Let’s now take it further.

If you keep getting your website hacked it will cause significant problems for the hosting company as well as all of the other organisations that have websites hosted on the same platform. Same platform, same internet address.

They will literally ask you to take your website elsewhere because you are having a significant impact on their revenue and profits.

WordPress security – what can you do?

All of your problems started with the assumption that putting up a WordPress website is easy and can be done by anyone.   Here are a number of precautions that you can take to reduce the risk.

Update, update, update

Like everything digital in today’s world, updates are one of the keys to protecting the website. Updates to the WordPress core are critical but updates to plug-ins, widgets and themes are just as important.

Updates remove those areas where the automated systems can get a foothold on your site.

Visit your site regularly

We have known organisations who have not touched their website in 2 – 3 years.   This is bad for 2 reasons.   If you are not visiting your site regularly then you are not helping your marketing, you are not putting up, in the words of Tim Read “interesting and helpful content”.

Google does not like this.

If you are not visiting it regularly you are not getting the feel of what your visitors are seeing, and you are not being prompted to update all of these important components.

Use top quality plug ins, themes and widgets

Free is OK, but if you pay for plug ins, themes and widgets then there is a good chance that they will be better for your website.

This includes not only better functionality but also better security and support.

Use 2 factor authentication or Captcha

With some of the tools available, your website can be scanned and the usernames can be discovered.

That is one of the 2 things the wannabe hackers need to compromise your website.

By using 2 factor authentication and/or a captcha system you are adding another layer to the log in process.

This makes it harder to access your website using automated systems.
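Automated guessing against the log in page shows up in the web server’s access log as a burst of failed POSTs to wp-login.php from one address. The following is an added example, not part of the original post: it assumes default WordPress behaviour (a failed log in returns 200, a successful one redirects with 302), and the log lines, addresses and thresholds are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the common "combined" access-log format.
SAMPLE_LOG = """\
198.51.100.20 - - [12/Mar/2024:09:01:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2310 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2024:09:01:25 +0000] "POST /wp-login.php HTTP/1.1" 200 2455 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2024:09:01:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:09:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2455 "-" "-"
203.0.113.7 - - [12/Mar/2024:09:05:02 +0000] "POST /wp-login.php HTTP/1.1" 200 2455 "-" "-"
203.0.113.7 - - [12/Mar/2024:09:05:04 +0000] "POST /wp-login.php HTTP/1.1" 200 2455 "-" "-"
203.0.113.7 - - [12/Mar/2024:09:05:06 +0000] "POST /wp-login.php HTTP/1.1" 200 2455 "-" "-"
203.0.113.7 - - [12/Mar/2024:09:05:08 +0000] "POST /wp-login.php HTTP/1.1" 200 2455 "-" "-"
203.0.113.7 - - [12/Mar/2024:09:05:10 +0000] "POST /wp-login.php HTTP/1.1" 200 2455 "-" "-"
203.0.113.7 - - [12/Mar/2024:09:05:12 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
192.0.2.44 - - [12/Mar/2024:09:06:00 +0000] "GET / HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def detect_login_bursts(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: {"failed": n, "success_after_burst": bool}} for addresses
    with at least `threshold` failed log ins inside `window`.

    Assumes the log is in chronological order.
    """
    recent = defaultdict(deque)   # ip -> times of failed POSTs still in the window
    totals = defaultdict(int)     # ip -> all failed POSTs seen so far
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if m["status"] == "200":            # form shown again: log in failed
            totals[ip] += 1
            times = recent[ip]
            times.append(ts)
            while ts - times[0] > window:   # drop attempts older than the window
                times.popleft()
            if len(times) >= threshold:
                flagged.setdefault(ip, {"failed": 0, "success_after_burst": False})
            if ip in flagged:
                flagged[ip]["failed"] = totals[ip]
        elif m["status"] == "302" and ip in flagged:
            # A redirect after a burst means a guess may have worked.
            flagged[ip]["success_after_burst"] = True
    return flagged


if __name__ == "__main__":
    for ip, info in detect_login_bursts(SAMPLE_LOG).items():
        note = "LOG IN SUCCEEDED AFTER BURST" if info["success_after_burst"] else "no success seen"
        print(f"{ip}: {info['failed']} failed log ins, {note}")
```

A single mistyped password followed by a success, as from 198.51.100.20 in the sample, is not reported; a burst that ends in a redirect is the case to investigate first.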

Enforce complex passwords

I know they are hard, but complex passwords are very important when it comes to fighting all those automated systems.

All passwords should have 3 components: complexity (numbers, letters, symbols and capitals), length (more than 8 characters, but 10 is better) and uniqueness (different for every web site you visit or have access to).

Now hopefully you understand why protecting your website with the right attitude is good business sense.

The bad guys are out there and they are looking for every opportunity to ruin your organisation, your reputation and your ability to make money.

Roger Smith is the CEO of R & I ICT Consulting Services (http://rniconsulting.com.au), Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity), Amazon #1 selling author on Cybercrime (http://www.amazon.com.au/CyberCrime-Clear-Present-Danger-Security-ebook/dp/B00LEJTN5Y), author of the Digital Security Toolbox (http://www.rogersmith.com.au/roger/toolbox/) and the SME digital security framework (http://smesecurityframework.com.au/csb/). He is a Speaker (http://www.rogersmith.com.au/roger/roger-smith/), Author, Teacher and educator (http://securitypolicytraining.com.au/cybersecurity-awareness-introduction/) on cybercrime and how to protect yourself from the digital world.

Business Security Demystified!

It is no longer a case of hoping for the best when it comes to business security.

Changes to the way we do business, how business is conducted, how fast the transactions are done and the insidious implications of social media have made business in the last 5 years a huge challenge for most businesses no matter the size.

From the multinationals who rely on their advertising spend to get customers through to the small and medium businesses, the mom and pop organisations, who are challenging them in most areas of today’s business world, all have huge if not insurmountable business problems.

No longer can we rely on “that’s how we have always done X”.

In today’s world that is old thinking, old strategy and in most cases a good way to disillusion your clients and go out of business.

With all of this happening we also have the problem of protection.   

Protecting business assets, protecting our clients, protecting our staff, protecting our revenue stream.

These are just a few of our inward and outward facing security problems.

We are often told that security is a business problem but all of the onus to fix it falls to the ICT department.  This is no longer the way to do it.

Business security is a whole of business phenomenon. Everyone from the head of the board to the warehouse cleaner needs to be involved, and involved from the nuts and bolts through to the strategy.

Today’s world is all about data, and protecting that data from anyone and everyone who does not have permission to use it, see it or interact with it.   With everything in today’s world being digital, in most cases we cannot see the problems this creates.

Today’s business security is all about common sense, seeing the wood for the trees and making sure that you are alleviating risk at every possibility.

Business security is all about risk!

Business security comes down to risk, defining the risk and then mitigating it for your organisation.

Every organisation is different and every organisation will mitigate the risk differently but all organisations need to start looking at the problem of risk.

Want to see what I am talking about? Go here and do our quick and nasty trial survey. 7 of the 98 standard NIST questions. Let’s see what your business maturity level is.

http://business-security.com.au/go/audit/

Roger Smith is the CEO of R & I ICT Consulting Services, Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity), Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and the SME Digital Security Framework.   Rapid Restart Appliance Creator.   He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world. 

Cybersecurity fatigue, have we reached it yet?

Are we sick of hearing about cybersecurity?
This has been hacked!   X number of records have been stolen!    Another bank ATM system has been compromised!
Yada yada yada. What’s the use?
You can invest millions in cybersecurity and still get hacked.
We now seem to not care.
We are getting reckless.
Reckless to a stage where the old adages are coming back.   If in fact they ever went away.

It will not happen to me?   

But it will!   If you do not focus on protection it will happen to you.    It will happen to you because of what the bad guys are capable of.   The bad guys know more about the intricacies of programming than some of the engineers who created the program in the first place.
In today’s digital world a bored teenager, with access to the internet, a computer, an aptitude for mischief and minimal parental supervision can literally RUIN your life.
That is not a good thing!   But it happens, happens all the time.

I am too small to be a target!    

Actually no one is too small to be a target.   Everyone who has a device that connects to the internet is a cybersecurity target.
Your mobile phone, your smart device, your laptop or your computer are all connected to a network that eventually connects to the internet.
The moment that you connect to the internet you are a target.   You are a target of all of those automated systems created by the bored teenagers.
The moment you open an email, do a search for a product or service, create a website or any of the tens of thousands of things we do on the internet – you are immediately a target.

I have nothing worth stealing!   

Ask that of the millions of people, offices and organisations who have been compromised by the cryptovirus also known as ransomware.   When you are confronted with the reality that you can no longer access your data, you suddenly realize how valuable that information really is!
Most of the people targeted have some level of protection, some type of security because they realised they had something worth stealing.   Even then it happened!
What makes you any different, especially if you do not have any or only minimal protection?

Education is the key.

The reason that people like me harp on about cybersecurity is we see the problems.   We see the impact and more importantly we see the solution.
The solution is not investing in millions of dollars of technology, although technology IS needed.  It is not about legislation, making it harder to do business, that is also needed.    It is wholly and solely about education.
Education has a drastic impact on the frequency, occurrence and severity of being compromised.
At the moment the bad guys do not have to work very hard to get users to click on a link or open an attachment (Social Engineering 101 – the easiest way to target anyone).
We have been conditioned to do it.
Click, double click or swipe is normal everyday activity when using a digital device.   There is no thought, it is conditioning.   We have to break this conditioning because in most cases  that is what the bad guys rely on.
The only way to break this is education – try this course.
The on boarding business security course (http://business-security.com.au/login/)

Is the implementation of SECRET just to cover your Ego?

Relying on one person’s understanding of digital crime is a recipe for disaster.

You can be the most knowledgeable person on the planet in your chosen field but you cannot be the most knowledgeable person on everything – that is impossible.

When it comes to the digital world, the individual facets of the world are daunting.

There is no single entity who has all of the answers.   In a huge number of places we no longer understand the questions to ask.

We all work in some realm where we either consider ourselves exceptional, or other people consider us exceptional in our knowledge and understanding.

Most people realise this and accept input from others who are experts in their own fields.   This collaboration makes everyone involved better.

We have seen those exceptional people do the absolute dumbest things when it comes to digital protection and cybersecurity.

In most cases it comes down to EGO.

To quote the Skyhooks and my friend Shirl, “ego is such a dirty word”. This is where one of the largest problems lies when it comes to digital security.

Our egos get in the way.

Our egos do not allow us to be wrong, do not allow for others to have input into our problems or in some cases accept input from people who do actually know more about the problem than we do.

The EGO of security

One of the biggest problems with keeping ego in check is the understanding of secrecy.

Using my ego to implement security means that others who may have a deeper understanding of the problem or a better solution are kept out of development because I have deemed it secret.

To develop a complete digital security strategy we need to leave our egos at the door.   We have to listen to anyone and everyone with an idea concerning protection and implement the best ideas from that process.

When that happens we will see an improvement in digital security.   We will see an increase in collaboration and maybe, just maybe, we will be able to beat the digital criminal at their own game.

Google, your search against my professionalism – will it save you money?

Google! How many times have we said or heard someone else say:

“Why don’t you Google it?”

“Google told me that….”

“I can fix this problem—I read an article about it on Google!”

These lines are often spoken by someone who tried to save time, money or effort by reading an article instead of consulting an expert. And whether it’s a broken computer, a backed-up sink or the weird-looking bald patch your dog has suddenly developed, when people put their faith in Google there’s usually an unspoken postscript: “I tried to do it the way Google said, and it didn’t work.”

I have been working in IT security for 30 years. I’ve come to see that computer technology is one of the areas where people are most likely to turn to the internet for help. I am not knocking Google—my team uses it regularly to resolve complex and confusing issues with technology.

We also understand that 99.9% of the articles are CRAP.

Well, maybe that was phrased a little too harshly. How about this—80% are CRAP.

Your search for a solution can put you in touch with a lot of people claiming to be “experts.”   Some of them even are experts, and may have put a few good ideas into writing. Those search results do not equate to the huge number of hours that a professional will have spent in their chosen profession.

Google does not show me how to fight a civil action in court, but a high-paid lawyer will.

Google does not make your tax records easier to understand, but a good accountant will.

Google does not make changing that engine part any more understandable, but a mechanic does.

With 20% of all Google searches being for new content, there’s no Google search you can do that will capture every exact specific of your court case, tax documents or computer problem.

What Google does, is make you realise that you do not know everything. It helps you understand that a professional—the person who wrote the article—is better qualified to do it.

When the sink backs up or the car starts making a funny noise, go ahead and Google. Yes, you can muddle through, and maybe get the right outcome!

But if that first “easy” solution doesn’t work, don’t keep trying more. The cost in time and money of continually tinkering with high-priced possessions is more than what you’d pay to get your problem solved once and for all.

If you want it done right, Google it, find an article about it—and then talk to the person who wrote the article.

Technological Advances Call for More Advanced Digital Security Measures

Business technology changes every two years, and while we usually stay with the same provider, Moore’s Law about doubling in speed while cutting the price in half is well known in business. Everyone is constantly looking for the best new product, amazing technological advances that provide better results and what we can get that will change our perception of business or improve the bottom line. We are always looking for better equipment, better tools, better technology and anything that will help us grow business.

Technology that provides better results is known to change the perception of business and improve the bottom line. That slight advantage can be critical in today’s business world. Unfortunately, we tend to forget that there are digital criminals in our midst waiting for the right moment to strike. These people are prepared to use the best and latest technology available to compromise the technology of others and to attack anyone who is connected to the digital world. As criminals, they steal, bribe, sneak and compromise anyone or anything in order to get their hands on that new technology.

After those cyber criminals have access to that technology, they dismantle it and break it down so they can gain a better understanding of how it works. They also work toward understanding the manufacturer so they can make “hacks” and access the information or data of others. They work to find out what it can do, not just what the manufacturer thinks it can do. While you may not recognize it now, there is a clear distinction between those two.

As an example, if it is software that is used by a large proportion of digital users and the thieves can get access to an SDK (software development kit), they will immediately take it apart, see how it functions, see what has been overlooked and determine how they can utilise it for their own nefarious needs. After that hands-on research, they can easily discover ways to compromise the program.

We Can Make A Difference

By incorporating the fundamentals of high quality digital security, we can stop these thieves in their tracks. Examples are using passwords, patching, firewalls, AV and backups while some people just exhibit paranoia. The more that technology changes, those are the basics that give you a platform from which to work. With the continuing technological advances, we have to find a better way to improve digital security. By using the fundamentals, you will start to think outside the box and work to discover other solutions and more effective answers to challenge these criminal masterminds.

The fundamentals are the basis for your protection from those criminals that lurk in cyberspace just waiting to catch you with your guard down. As users of technology, we need to take a stand and work to find the right security solutions to protect our equipment, our data and all of our information. By staying up to date on the advances and the latest digital security options available, you can take a step in the right direction by blocking out digital thieves who are waiting to disrupt your business.