Ransomware – Act Now Before It’s Too Late

When it comes to security threats and cyber attacks, we often don’t take any action until it’s too late – when it’s in our own backyard or it happens to someone we know.

The latter recently happened to a colleague of ours with ransomware, something that shook us to our core and reminded us to revisit our security policies. Ransomware occurs through a phishing email or click ad on a website. Anyone in your organization can mindlessly be clicking something and put you in a world of trouble.

There are many kinds of ransomware. However, all of them have one thing in common: they prevent you from using your computer as you normally would, and require that you do something before you can use it normally again. A common type of ransomware essentially turns your system’s built-in encryption process against you by encoding your files and sending the encryption key back to the cyber thief who created the ransomware. The attacker then holds your files hostage until you pay the demanded “ransom,” which can be to the tune of hundreds of thousands, of dollars. Obviously, an attack like this can be crippling and devastating to a small business that must have its files in order to survive, but does not have the required “ransom” to buy them back.

This form of “data kidnapping” is on the rise, showing up at an alarming rate. In fact, according to Computer Crime and Intellectual Property Section (CCIPS), more than 4,000 ransomware attacks have occurred every day since January 2016, a 300% increase over 2015 when 1,000 ransomware attacks were seen per day.

These staggering numbers illustrate just how scary and real ransomware threats are, yet many of us don’t have systems in place to pre-emptively look ahead and proactively plan if it happens. Here are some of the common ways to be prepared for a ransomware attack:

Install Updates

As you may have noticed, the United Kingdom was recently hit with ransomware cyber attacks last week because updates (patches) already provided by Microsoft weren’t installed.

It seems crazy to think that something as simple as not running updates can cause something so detrimental, but that’s exactly what happened. Microsoft releases patches for known threats, but if people and companies fail to install them in a timely fashion, they’re much more likely to become victims of the attack.

So, take precaution and install software updates immediately and on a regular basis. Also, turn on auto-updaters if you have that option (you do in Microsoft), and run anti-virus software, too.

Back Up

It may go without saying for some, but back up your important data on a daily basis. The best place to do so is in the cloud, the most secure, fastest and easiest way to protect all users.

If you back up on a desktop system, you’re more susceptible to being attacked. If you are using a local storage device or server to back up, make sure it’s offline and not directly connected to your desktop system, where the criminal thrives. Many people use network shares, where others can access important data. In this case, ensure backups are performed offline and unreachable from the infected machine. The same goes for your own machine backups on an external hard drive. Only connect those drives to a machine when doing backups, then immediately disconnect them when they’re done. And, make sure it’s encrypted!

While backing up your data doesn’t guarantee 100% prevention from ransomware, it does protect you from having to pay to get your data back.

Get Protection

A strong firewall and up-to-date security software are key to being prepared for a ransomware attack. At Sound Business Services, our go-to recommendation is Cisco Umbrella, which is located in the cloud and protects your team on a real-time basis. Although Cisco Umbrella cannot prevent ransomware attacks, it does prevent the criminal who sent you the ransomware from receiving the encryption key back, and thus, holding your files hostage.

Educate

It’s easier said than done, but we must try our best to make our team aware of what to do to prevent ransomware. Explain how it works and not to click links inside emails or visit sketchy websites. Moreover, if any of your team does get affected by ransomware, or even suspects that they might be, make sure they know how to respond and who to alert. Make sure they know to disconnect from the internet immediately so that more sensitive data isn’t in the hands of criminals. If data is backed up, you can re-install software, or take your computer to a repair shop.

Don’t Pay Up

Being prepared for a ransomware attack means not only ensuring that you don’t lose your companies files, but also that you don’t have to pay the costly ransom price. Paying ransom is not smart, and will often lead to more blackmail and deceit, in an effort to get you to pay more and more down the road. What you can do is alert authorities and work with them to find the best solution. Your local police may not be able to help, but the local FBI sure would.

Your Best Defense

Your best defense against ransomware is a strong offense. This includes proactively planning ahead to protect your information and keep criminals from breaking into your system in the first place.

If you would like to have a conversation about your system’s security and how to offensively be prepared for a ransomware attack, contact us today. Although we are still learning in the process, we would be happy to share what we have learned, as well as point you to some resources that have been a help to us. Hopefully, as a result, we can put the processes and strategies in place to fight, and ultimately defeat, this awful crime.

The Power of Three: Benefits of a Client-CPA-Bookkeeper Team

A common misnomer is that a CPA and a bookkeeper are one in the same, when in reality, they have different roles.

While the CPA deals with the day-to-day numbers, forecasts and tax filings, the bookkeeper turns the client’s data into actionable results to help take a business to the next level and grow exponentially.

Sounds good, but the true value of the relationships occurs when you incorporate the CPA and the bookkeeper into a team, or as I like to call it, a “three-way triangle” that also includes the client. The benefits of having a great CPA and bookkeeper working together, while having your best interests at heart, are tremendous. Here are some of the biggest benefits.

Trust and Accountability

While the CPA and the bookkeeper may have different roles, they actually speak the same language, providing a system of checks and balances. The CPA and bookkeeper can check each other’s work, look for mistakes (they do happen – we are not perfect!), collaborate and plan.

For example, once the CPA gives you the amount of your quarterly tax payments, the bookkeeper will ensure the payments happen consistently. And, the bookkeeper can build the numbers, as well as spot any red flags along the way.

It’s a great feeling when the CPA and bookkeeper are able to plan together – and all three of you trust each other.

The Power of Availability

There’s power in numbers: when you have two teams working on your accounting, they will be more available to answer your questions. This teamwork approach also makes sure your financials are in order and parties are working on the same page toward a common goal.

Get the most value and the best results by ensuring you have open communication between the CPA and bookkeeper. And, both of them are responsible for keeping you abreast of all decisions and strategies.

Let us Know if we can Help!

While the bookkeeper specializes in bookkeeping, the CPA specializes in tax and accounting. You’re not paying CPA rates to do bookkeeping, and vice versa. So, the two working together is a transparent approach that creates a powerful solution.

Although Sound Business Services doesn’t do taxes in house, we have CPAs we recommend who can be cost effective. Or, if you come to us with an existing CPA, we are more than happy to work with your CPA and/or let them check up on us to make sure we are doing our job and looking out for your best interests. This builds trust and eases the switch/change for you.

If you would like to have the conversation about implementing the “power of three,” or just have some questions about it, contact us today. You’ll be on your way to a transformative experience for your business.