Ransomware attacks are on the rise, protect your small business
The United States Cybersecurity and Infrastructure Security Agency (CISA) recently released a bulletin notifying all American businesses and citizens of the potential for increased cyber threats in the weeks ahead in the wake of Russia’s attack on Ukraine.
In its release, CISA noted Russia’s initial onslaught into Ukraine included “cyberattacks on Ukrainian government and critical infrastructure organizations,” and added while no credible threats have yet been levied toward the U.S. and its allies, each of those nations and the organizations within them “must be prepared to respond to disruptive cyber activity.”
CISA also provided guidance for organizations on how to adopt “a heightened posture when it comes to cybersecurity” and protecting critical assets. In trucking, the growing importance of cybersecurity has become increasingly clear in recent years as more businesses have been targeted and victimized by ransomware attacks.
For businesses aware of their vulnerability but unsure of how to secure their operation, here are four tips to reduce one’s cybersecurity risks.
Train your associates
Well-trained employees are the best defense against ransomware attacks, which today make up a substantial majority of American business cybersecurity breaches.
In ransomware attacks, hackers use email or text messages delivered directly to a person as an entry point into a company’s computer system. These phishing messages include a link or downloadable attachment that is intentionally mislabeled to entice a reader to click, but once opened immediately encrypt the reader’s device and provides the hacker access to the company’s network.
Training workforces of all sizes to identify and avoid such hazards is the business model at KnowBe4, which in 2021 stated its training curriculum had been shown to reduce the risk of phish-prone associates clicking dangerous links from 32 to 7 percent at a wholesale distributor business. There are other companies providing similar guidance. As for businesses unable to invest substantially in training, CISA’s literature database and/or a Google search can quickly turn up lists of key cybersecurity do’s and don’ts.
Northwest Drive Train has long preached the importance of caution during sales meetings and the company’s new IT director is building a curriculum to support those lessons, says Ryan Bugai, sales director.
“I tell my people if you see an email that doesn’t have my signature on it, you should doubt it. That should be a red flag,” he says as an example.
Backup your work
Consistent data backup is another vital tool in reducing the impact of a cyberattack. According to the Center for Internet Security, backup servers should update multiple times per day and be stored offsite and/or offline to not be targeted by hackers. These backup systems do not need to record all corporate data but should automatically update all information that is essential to the daily operation of a business.
Another useful benefit of backup servers is they don’t only protect against cybersecurity. When Sadler Power Train had a store damaged by a derecho wind storm in 2020, Operations Manager Dave Paulsen said the company was able to use its backup servers and power generators to stay online and quickly reopen. With data servers set to automatically backup every 30 minutes, he says the company lost very little information. He shudders to think about what would have happened without the backup system in place. The hardwired internet line into the building was destroyed in the storm and the city was without power for three weeks.
“It’s easy to think, ‘We’re never going to need to use this,’ but it saved us,” he says. “We had to run on our secondary servers for a month.”
[RELATED: Are you dodging bullets with your IT strategy?]
Northwest Drive Train uses a state-of-the-art Amazon Web Services cloud-based backup system. Says Bugai, “We’re truck parts people; we let the people who know technology do our technology.”
Update software and limit connectivity
Ensuring employee computers are up to date and optimized for their use also reduces the potential for security breaches.
Many software applications provide regular updates to improve bug fixes and operational effectiveness, and some of these updates also come with added security. This is increasingly important for internet-connected programs, such as email, web browsers, business management systems and more. Additionally, limiting the number of applications on a computer and what an associate can access within a network from their computer can reduce the damage of a hack if one occurs. CISA says employers should provide associates access to all tools necessary to do their jobs but should avoid extraneous tools or access.
Sadler Power Train does just that.
“Several years ago, we did have an experience of someone clicking on a wrong link and it encrypted everything they had access to,” Paulsen says. “That gave us more incentive to limit people to the systems they need.”
CISA also advises any remote access to an organization’s network and privileged or administrative access require multi-factor authentication, and organizations using cloud services should ensure IT personnel “have reviewed and implemented strong controls outlined in CISA’s guidance.”
VPNs for remote associates, smart passwords and limiting personal use of work devices also reduce security risks, says VIPAR Heavy Duty Vice President of IT Andrei Katibnikov.
“You shouldn’t have people using the same password for different programs. Or using a personal email for business,” he says.
Invest in additional security measures
Beyond automatic updates from software providers, cybersecurity experts also note there are many robust specialty solutions available for businesses to provide additional layers of security. Some tools serve to complement and enhance firewalls. Others go even further, using intrusion detection systems to engage a firewall instantaneously when a potential breach occurs to limit its impact.
Katibnikov recommends these latter systems to VIPAR Heavy Duty stockholder members. He adds common antivirus applications don’t protect against ransomware attacks, specifically, because those breaches only occur after an employee clicks on a malicious link.
“There’s nothing an antivirus tool can do there to stop it,” he says. “Those happen because someone clicks a link and lets them in.”
CISA also notes it is important for businesses to have a crisis response plan. These plans don’t need to include all associates but should include management, IT and other key stakeholders who would be expected to react to an attack. Many cybersecurity providers offer guidance in this area as well. CISA also suggests crisis response teams and/or IT departments should regularly test action plans to confirm all parties know their roles and backup procedures to ensure “critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack.”