Imagine this: You are checking your email and you see a message from Microsoft telling you that you received an important email, and you can find it by clicking this link. But you didn’t look closely enough at the message. The email address it came from was not a Microsoft account. And the link you clicked on didn’t lead you to the Microsoft website, but to a site that infected your computer with ransomware or other malware.
This isn’t an unusual scenario. It’s called a ‘phishing scam’ and it happens all the time. Ransomware infects your system and locks it up so you can’t use it. You then receive a message from the person who sent it, demanding payment to unlock your system. Most notably, this happened last summer with the Colonial Pipeline Company on the East Coast, causing a fuel shortage and price increases.
These phishing scams are also used to break into your systems and steal your data and your customers’ data. Once the hacker has that, they can use it to steal identities.
And it’s not just big businesses this happens to. Hackers like to attack smaller businesses, too, especially since Russia attacked Ukraine last month.
“Immediately after the conflict broke out, suspected Russian-sourced cyberattacks were observed over a 48-hour period at an increase of over 800%,” said Emil Sayegh, a contributor at Forbes Magazine who covers cybersecurity.
Hacking and cyberattacks have been part of the Russian economy for a while. According to an article that appeared in the New Yorker last year, the roots of Russian hacking go back to the Soviet era, when plenty of students studied computer science, physics and mathematics, but when they graduated, many didn’t find the paychecks of Silicon Valley. They turned to hacking. Authorities in Russia weren’t necessarily inclined to investigate.
“Russia’s security services are tempted to see hackers who target Western corporations, governments and individuals less as a threat than as a resource,” the New Yorker reported.
Ransomware attacks can be costly, not only because many businesses pay the ransom if they have no other way around it, but also because the business must close while it waits for its system to unlock, buy new software to protect itself, re-train employees on safety measures and deal with many other factors. Colonial Pipeline Company paid a $5 million ransom and the incident caused chaos up and down the East Coast. If you protect yourself now, you may save yourself, your business and your employees a lot of money and stress.
So, what can you as an operator do to protect your business? It’s not a terribly hard fix.
- Back up your files
- Use multifactor authentication
- Update and patch your software
- Use anti-virus software
- Be careful when checking email
- Train your employees to identify phishing scams
- Safeguard your passwords
There are also free resources to help you. The Cybersecurity & Infrastructure Security Agency (CISA) offers a page of resources and checklists. The Cyber Readiness Institute offers classes and free downloads of information.
You can also get a quote from My Hospitality Insurance for cyber liability, just in case hackers are able to get through to your network.
Hopefully, with a little diligence, your customers’ data and your data will be safe.