Ransomware attacks are on the rise and are making national and global news headlines and for good cause. In 2020, there was a 150% increase in attacks and a 300% increase in the amount of ransom paid. This increase does not appear to be slowing down either. To date, the amount of ransomware attacks in 2021 has surpassed all of last year. What is contributing to this increase?

While there are several factors that have contributed to the increase, one main reason was the immediate shift to remote work during 2020. Almost overnight, many businesses went 100% remote without a cybersecurity plan in place. Workers were utilizing their personal computers and laptops and logging on from home on unsecured VPN networks rather than connecting at the office through a secure network. Cybercriminals were able to exploit security weaknesses at both large and small businesses.

Do you know your risk for a ransomware attack at your business? Let’s take a look at how ransomware attacks have changed, who is at risk for an attack, and ways to reduce your risk.

When you think of a ransomware attack, you may think of a lone person sitting in a dark basement hacking into a company’s network trying to gain access to sensitive information. The hacker gains access to the company through phishing emails and once in the network, deploys malware that encrypts servers and sensitive company data. While this methodology still occurs, the entire process has evolved, is more organized, and is a massive, profitable business.

While there are still ‘lone wolves’ executing ransomware attacks, most data breaches occur at the hands of a group of sophisticated, strategic cybercriminals. These organizations, usually located in eastern Europe, are extraordinarily adept at infiltrating a company’s servers and planting ransomware. They extract as much sensitive company information as possible in order to demand ransom payments.

Another factor in the increase of ransomware attacks is ransomware-as-a-service (RaaS). Think of RaaS as a franchise model for ransomware attacks. Large-scale, organized groups of cyber criminals, such as DarkSide and REvil, franchise their capabilities such as encryption tools, communications, and ransom collections to independent hackers in exchange for a percentage of the collected ransom. This model has allowed ransomware attacks to be outsourced across the globe.

Ransomware is a profitable business and ransom demands have escalated over the last two years. It’s no surprise that attackers are targeting large organizations who are likely to pay a ransom rather than have their business frozen for more than a day or two. Several different industries have been targeted recently including healthcare and critical infrastructure. The highly visible Colonial Pipeline attack crippled the company and the fuel supply chain on the East coast.

While large-scale ransomware attacks have made the news, there are many more that do not make national headlines. Small organizations are also at risk for an attack, especially by bots programmed to use a ‘shotgun approach’ at ransomware. These bots will scan thousands of company websites looking for email addresses, social media profiles, and any other personal data to use in a cyber attack.

Ransomware attacks are hitting close to home in Central Pennsylvania. Last year, the Duncannon borough in Perry County paid tens of thousands of dollars to hackers who held municipal data hostage. Although service was uninterrupted, the borough’s e-files, data, and emails were encrypted, and backup systems were compromised.

The bottom line – almost any organization is at risk for a ransomware attack. If you are a business owner, how do you reduce your risk for a cyber attack?

The best way to reduce your risk of a ransomware attack is to prepare for one. When you go through the process of preparing for a cyber attack, you will identify potential vulnerabilities and be able to address them prior to an attack.

Here are some key ways to prevent ransomware:

• Create an incident response plan: A cybersecurity incident response plan helps companies prepare for, detect, respond to, and recover from cybersecurity incidents. The plan should address issues like malware detection, data theft, and service outages.
• Invest in cybersecurity insurance: Cyber insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage. It generally covers your business’ liability and helps in recovering compromised data. If you do not have cybersecurity insurance, your IT department, legal department, or your managed IT services provider can help you procure insurance.
• Set up a secure texting channel: One of the first casualties of a cyber attack is internal communication via email. To ensure senior leadership can communicate without access to email, set up a secure texting app.
• Use multifactor authentication (MFA): MFA is an electronic authentication process where a user is granted access to a website or application only after successfully providing two or more pieces of evidence to an authentication mechanism. MFA processes reduce the risk of ransomware since it creates an additional barrier to access of data.
• Provide regular cybersecurity training: Most network weaknesses and cyber attacks are caused by human error. Regular cybersecurity training can drastically reduce the risk of an attack.
• Consult with a cybersecurity company: Cybercriminals have years of training and prep to be able to be successful at what they do and one of the best ways to stay ahead of an attack is to work with a company that specializes in cybersecurity. A reputable company will help you put a plan in place to reduce your risk of an attack as well as continuously monitor your network for suspicious activity.

While no company is 100% protected from becoming a victim of ransomware, you can reduce your risk by taking proactive steps and be prepared if an attack happens.

Everound specializes in cybersecurity best practices for small businesses to large enterprises. Our team of cybersecurity experts can help you create an incident response plan, help procure cybersecurity insurance, and implement data protection strategies and programs to keep your information and network safe.

Reach out today to start a conversation about cybersecurity for your business. We can provide a free cybersecurity risk assessment and recommend next steps to protect your data. We focus on your IT, so you can focus on your business.

Across almost every industry, computers are essential to keeping a business operating smoothly. Computers improve employee efficiency, accuracy, and can speed up many work processes. As a business owner, knowing when to replace your work computer can be challenging.

If you wait too long, you can incur expensive support and service costs, and if you replace desktops and laptops too soon, you aren’t maximizing your original investment. So, how do you know when to keep or replace your older PCs? Let’s take a look at the average lifespan of computers, our recommended refresh cycle for a business, and key indicators a computer is starting to fail.

Like all electronics, computers will slow down and become less useful as they age. Environmental conditions, accidents, and normal wear and tear take their toll on both PCs and laptops, causing functional issues. Computers don’t last forever and having a replacement plan in place can help business owners plan for IT budget needs.

The average lifespan of a computer is typically three to five years. Desktop computers should last at least three years, and laptops, between three and five years. There are several factors that contribute to how long a computer will last for an employee including:

• Environmental factors: Computers require a cool environment to work properly. When they become overheated, the fans will kick on to try to cool down the internal components. The fans can draw dust and other allergens inside the computer which can clog up vents and prevent air from flowing freely. Computers that are used in factory environments tend to have a much shorter lifespan than computers in a cool, clean office space.
• Usage: One factor that contributes to your computer’s lifespan is the manner in which it is used. If you only use the computer for spreadsheets and word processing, you may be able to extend its life an extra year or so past the average lifespan of a PC. For more sophisticated tasks that require applications, you may find your older computer is slow and struggles to keep up with the increased processing demand.
• Unsafe cybersecurity practices: Nothing shortens the lifespan of a computer quicker than unsafe cybersecurity practices. Even the newest PC can die quickly if infected with malware or viruses. If you are a business owner, be sure to follow best practices for cybersecurity to ensure your computers – and your investment – are protected. Regularly install updates and patches for your computers’ operating systems and be proactive with cybersecurity training for your team. Many malware attacks are successful because of human behaviors.

At Everound, we recommend business owners adopt a 25% refresh cycle with their computer inventory rather than replacing all computers at the same time. Essentially, instead of purchasing new computers for all workstations at once, business owners can replace 25% of them each year. This cost-effective strategy allows for hardware capital expenses to be budgeted over four years instead of one.

There are several key signs to watch for when considering if you need to replace your work computers including:

• Security is out of date: If your current computers are incompatible with newer versions of their operating systems, it may be time to invest in new computers. When the operating system is incompatible, important security patches and updates will not be installed on your PC. Check your Windows and Mac machines for OS compatibility to make sure your security is up to date.
• Increasing support costs: Are your team members consistently asking your go-to IT staff member for help troubleshooting issues? Even if this is an internal employee, there is a real support cost affecting your bottom line.
• Noisy fans: Are the fans on your computer constantly running? This is a key indicator that your computer is running “hot” and its internal components are at risk for damage. If you’re running the latest versions of an application or operating system, these could be maxing out your computer hardware, causing it to run warmer than usual.
• Applications take a long time to load: Applications may take longer on an older computer. If you’re running the most up-to-date version of an application, older hardware may not be able to keep up. Before installing software, check the compatibility to ensure it will work with your computer.
• Slowed productivity and lost time: According to a study by Intel, employees are 19% less productive on a PC that is older than 5 years. If your work computers cause an hour of downtime per day for a month, that equates to 20 hours per month. What is the value of that lost time?

If your PCs or laptops are experiencing any of the key indicators they need to be replaced, a managed IT service provider can help you determine the best path to replace hardware in a cost-efficient manner. Everound offers monthly managed IT service plans that help business owners assess and determine how to replace computers to maximize efficiency and productivity.

At Everound, we work with small businesses to large corporations on their IT needs including computer procurement, installation, hardware and software maintenance, and computer refresh plans. Our team of experienced IT professionals can help you determine the best course of action to keep your computers operating at peak performance. Reach out today for a free hardware assessment for your business. We focus on your IT, so you can focus on your business.