“We Have Your Business…”

Not long ago, attackers infected more than 230,000 computers in 150 countries worldwide using ransomware, a type of malware that blocks or limits access to a system until a ransom is paid. As a result of this attack, known as WannaCry, a multitude of organizations – including hospitals in England and Scotland – were forced to halt business operations as critical systems were locked up. The smallest impact of this attack was roughly $50,000 in Bitcoin payments. More severe was the data that was locked down, lost, or compromised.

This type of attack could happen in any industry given how easy it is for hackers to execute. Usually, hackers simply email a link to a victim that, when opened, downloads the malicious software that encrypts files on their network until the hacker receives the ransom. An attack would go beyond credit card theft at the POS portal, to a full ransomware attack where all systems are locked down and millions in revenue could be lost per day. Not only does a breach hurt the consumer, it can be detrimental to the bottom line and brand reputation. For a small business, it could put the owner out of business altogether, depending on the severity.

“We are not far away from a major breach of a POS system that has nothing to do with stealing credit card data, but instead is intended to hold hostage for a large ransom the business’ ability to conduct transactions. Stealing credit card data takes months, whereas ransomware takes minutes. It will not be long before cybercriminals utilize ransomware that freezes all of a business’ POS systems, and the ransom will not be for the release of data, it will be for the ability to get back in business.” – Kevin Watson, CEO, Netsurion

Last year, for example, cybercriminals took over a well-known hospital’s internal system, locking medical professionals and staff out. The hackers demanded a $3.7 million ransom, forcing the hospital back into the pre-computing era for ten days while they negotiated. Ultimately, they only paid $17,000 to regain access, but the incident caused a major disruption to the hospital’s work flow and put patient care at risk.

Ransomware should be the number one concern for businesses. Attack frequency is at its height: there have been more than 4,000 ransomware attacks happening each day for over a year now. Attacks on businesses increased from once every two minutes to once every 40 seconds. Most businesses experienced at least two days without their systems, a loss of profits, and the cost of paying the ransom.

While firewalls and anti-virus are standard security measures, it is crucial to realize they are not enough. To help avoid a ransomware breach at your business, consider the following tips.

1. Add a managed SIEM. Hotel and hospitality, healthcare, retail, and financial industries should implement a managed security information and event management (SIEM) platform for their remote locations to provide early warnings of ransomware and other cyberattacks. They should also consider a managed SIEM inside the corporate perimeter, unless they have the expertise and resources to properly use it internally. Using a managed service provider with 24/7 monitoring through a security operations center helps ensure consistent security measures are in place throughout your entire system.

2. Get PCI compliant. As the Payment Card Industry (PCI) rapidly expanded, the Payment Card Industry Security Standards Council (PCI SSC) developed a set of requirements called the Payment Card Industry Data Security Standard (PCI DSS). These specifications ensure that all companies that process, store or transmit credit card information maintain a secure environment. PCI applies to all organizations or merchants that accept, transmit, or store cardholder data, regardless of size or number of transactions. 

3. Plan for ransomware. Regardless of technical or employee safeguards implemented to prevent ransomware attacks, any system open to authorized access is also open to unauthorized access. Organizations, large and small, need to regularly test response procedures and update them to thwart such incidents, and minimize or eliminate damage to reputation, employees, and customers/patients. Tactics may include plans to engage the information security team or recover the data. Organizations should do everything in their power to avoid paying the ransom and empowering the hackers.

4. Train personnel. Almost every breach is caused by a human act, whether it be malicious or innocent. Organizations and franchisees should train employees to be wary of suspicious emails and not open them or links inside them, as they may contain ransomware. Employees should also be taught not to send emails to an email address they do not recognize, nor transmit highly sensitive information through unsecured emails, texts, or other communications such as Gmail, Yahoo mail, or text apps on smartphones.

5. Back up your data regularly. Backing up data on external hard drives or through cloud storage is imperative today. After all, attackers can’t freeze up data that is not on the network or connected devices. The encrypted data can then be restored from the backup.

Practice Constant Vigilance

You should always be on guard against attacks and have a strong plan of response in place to mitigate them – including use of a managed SIEM – which is key for cybersecurity today. Such measures will deter a compromise of your reputation and of your employees’ and customers’ sensitive information.

Taking such precautions could help end ransomware attacks altogether because they will cease when they stop being profitable. If fewer people click malicious links and more organizations back up their data, while deploying a proper SIEM and managed network solution, hackers will see far less success.

ABOUT THE AUTHOR

Netsurion is a managed security service provider that protects multi-location franchise information, POS, and Wi-Fi networks from data breaches, outages, and cyber threats. Our SIEM solution delivers endpoint security in an affordable, accessible way and our award-winning remote network security and PCI compliance solutions keep any size business secure. netsurion.com
