It’s been a difficult day for one of our clients that was hit with a ransomware virus. This type of virus encrypts your files (makes them unreadable) and installs instructions on your system for paying ransom to the criminals that encrypted your files. If you decide to pay the ransom, and you’re lucky enough to be dealing with an ‘honest’ criminal, they’ll send you a decryption key, making your files usable again. But wouldn’t it be great if you have a great backup plan in place so you don’t feel the need to pay?!
Backups
If you have a good backup system, you might be able to recover your files (or most of them anyway) without having to pay the ransom.
Please, please, please discuss your backup with your IT company and make sure that you’ve got a solid strategy in place. Have them periodically do a test restore to make sure the backup is truly working.
In an ideal world, you would have multiple backups on multiple devices. This helps protect you if you don’t notice the virus right away. Imagine if you were backing up to a couple of USB keys or portable hard drives, swapping them out every day or two, and you were only keeping one backup per device. This means you only have a couple days worth of backups. What if your system was actually infected a week ago? Pay up!
Now, imagine you have a backup device for every day of the week (and two for alternating every other Monday), and three more for rotating month-end backups, and even a few for year-end backups. That might sound like a lot of devices but this is insurance for your data. It’s so important!! If you had this kind of insurance, you’re much more likely to be able to recover quickly, and with as little expense and extra effort as possible.
Ransomware fees typically start at $3,000 – $5,000 and the longer you wait to pay, the higher it goes.
If you don’t have time to discuss this with our IT company today, we strongly recommend that you set an appointment in your calendar to remind yourself to do this as soon as possible.
Hard Copies
It used to be that people would print their General Ledger Transaction Journal, their customer invoices, and other vital documents, every day because they were nervous about having everything stored on the computer, with no physical copy. But, as people started to trust computers more and more, they stopped printing in favour of saving some trees, saving on physical storage space, saving time and reducing the expense of paper and toner. One has to wonder if there’s an argument for picking up this habit. Or, perhaps you just pdf these reports daily and email them to the owner’s gmail account. But are you comfortable with emailing this information?
I’m sure there are lots of different approaches one could take to protect your data. I hope this has helped you to understand that we’re all at risk so please think about the precautions you want to take and start putting them in place.