The FBI is now trying to coach users as recent cyber attacks have become increasingly sophisticated and significant. This week the spotlight is on Riviera Beach, Florida, which is being held for a nearly $600,000 Bitcoin ransom.
It's becoming a "perfect storm" of user trust and hackers feeling emboldened.
On the user side, the FBI warns not to blindly trust websites with Hypertext Transfer Protocol Secure (HTTPS). The FBI adds, "The presence of “https” and the lock icon are supposed to indicate the web traffic is encrypted and that visitors can share data safely. Unfortunately, cyber criminals are banking on the public’s trust of “https” and the lock icon."
With your trust on a platter, hackers are now using tools developed by the NSA to breach not only the most vulnerable of businesses, but government organizations as well.
Riviera Beach is just the latest story of a city having to reach into its coffers to attempt a recovery of vital information. Atlanta and Baltimore have each had their own issues, which have drained their resources. While paying the ransom is bad enough, there are two overlooked pieces:
First, the estimated cost of rebuilding your infrastructure after an attack is much higher. You're going to dig deeper into your pockets, which will impact your business not just today, but in the future. How disappointing would it be to have to pause research and development on something that can change your business and industry? What if you couldn't afford new equipment because of this incident? Or even worse, what if you lose talent because you can't afford their salaries?
Second, the untold impact on your business's reputation. Can you calculate that? Remember the Equifax breach a few years ago? Who can trust them to protect your data when all reports point to simple things, like consistent patching, that could have prevented this problem? Whatever profession you're in, from medical to manufacturing to construction, you're controlling your customers' vital data. You can't let it fall into the hands of someone else. You need to be protected.
MotherG recommends you complete a security assessment at minimum every six months. We offer recommendations on a variety of tools that fit your needs and best protect your essential information. The landscape changes constantly and it's important to be proactive rather than reactive.
As FBI Computer Scientist James Morrison says, "There are two kinds of companies: those who've been hit and those who've been hit again."
Please don't feel defeated: the FBI has several recommendations for you and your employees.
- Do not simply trust the name on an email: question the intent of the email content.
- If you receive a suspicious email with a link from a known contact, confirm the email is legitimate by calling or emailing the contact; do not reply directly to a suspicious email.
- Check for misspellings or wrong domains within a link (e.g., if an address that should end in “.gov” ends in “.com” instead).
- Do not trust a website just because it has a lock icon or “https” in the browser address bar.
If you're a victim of one of these attacks, please reach out to the FBI and file a complaint here.
If you still feel you might be at risk or don't have a technology plan to prevent these attacks on your business, please contact us for a consultation. We will walk you through how to approach your unique situation and advise you on what tools will best protect your business.