As an ERP consultant, we hear many horror stories of businesses who fall prey to embezzlement, fraud and various forms of theft due to employees, and/or systems or practices that left their business vulnerable. It's our goal to help our clients protect their business from these risks by implementing ERP systems and best practices for added safeguards. Today we are hearing more and more about ransomware attacks that at the least are a huge inconvenience and at the worst even cripple businesses. In this article, we will review this growing threat and explore 5 ways to avoid an attack.
Ransomware is malicious malware that encrypts your data files and potentially the server…. If you get infected, you will usually see a message displayed on the screen demanding ransom to be paid. Unfortunately, there are some cases where individuals and businesses actually pay the ransom. This is like negotiating with terrorist and should be avoided, if at all possible. Usually, the attacker leave yoiu with a convenient option to pay via Bitcoin to an unknown and hard to trace overseas account. Upon receipt of the ransom money, you receive an unlocking code to decrypt your files. Usually, you are warned that if nothing is done within 7 to 30 days, files will be lost forever.
Bitcoin is International Digital Currency that helps these cyber-terrorists bypass the traditional banking routs. 1 Bitcoin = approximately $580
How much will you be willing to pay to get your files back? What to do if you were attacked? How long can your enterprise survive without your business management software?
Anytime you are attacked, it's hard not to take it personal. We were personally hit by the CryptoLocker Trojan two years ago. It was very difficult to recognize and our antivirus software did not pick it up. It came in the form of and email with an attachment. Once the email was opened, the infection started and all our Word, Excel, Pictures and accounting software were infected. A ransom note was left in each of the program folders. This is offshore mafia, as my IT consultant told me, and the only solution we had was to wipe the computer clean. We chose not to pay the ransom and reinstall all the operating software and restore from backups. As far as the accounting software goes, thankfully we have been using Divinsa Wholesale online backup for the last 10 years. We were able to restore our accounting data, but it was really a pain! This is one major benefit of having a Cloud ERP system where all your data is protected with backups and redundant data servers.
1. Backup all program and data files daily, make sure that the backup disk is not connected to the computer with the files you are backing up. Online cloud backup or a separate backup drive that can be disconnected.
2. Have an alternate server on standby with previous night’s programs and data files loaded and ready to use.
3. Use the latest enterprise anti-virus / anti malware software, and make sure it is updated daily
4. Consider eliminating on-premise server and move your ERP/CRM and MS program and data files to the cloud.
5. If you get an email from an unknown person or source, do not open the file. best just to delete the original email
Thanks to Ben Hanan, Business Systems Analyst for his original writing of the article in a newsletter from August 23, 2016.
If you have questions please, contact us at www.caserv.com or 760-618-1395. Please stay tuned for more helpful ERP consultant tips!
Written by Mike Renner, Partner WAC Consulting, Owner at Computer Accounting Services Mike is an expert on Acumatica and Sage 100 ERP with over 25 years in the accounting software industry. Mike is also a Sage Certified Trainer and a recognized leader in the design, implementation and support of ERP systems, including Sage and Acumatica.
Sage 100 ERP (formerly Sage MAS90 / MAS200), Sage 100 Fund Accounting (formerly MIP Non Profit Software), Sage Grant Management, Acumatica, Sage Online Fundraising, QuickBooks Enterprise and Point of Sale VAR.
Another version of this blog was previously on October 6, 2016 by Mike Renner in WAC’s Blog: What is Ransomware and Bitcoin