Data backups, employee training key to ransomware attack protection

Data backups, employee training key to ransomware attack protection

We’ve all heard the horror stories. Maybe it has even happened to you. While typing along on your computer, minding your own business, a pop-up window appears demanding money in exchange for your data.

Ransomware attacks like these have been making headlines recently, as major companies and even city governments succumb to criminals trying to make a quick buck by locking them out of mission-critical systems.

Luckily, there are security support superheroes like Chris Kotul, Division Manager for Chester Inc., Information Technologies, to help companies protect themselves against malicious malware infestations.

The key to preparing a company, big or small, for inevitable attacks and possible data loss is a three-step process Kotul said — Step 1) perform regular backups; Step 2) create a disaster recovery plan; Step 3) train employees.

“The best prevention is training,” Kotul said. “Train your users to look for warning signs in the emails they receive and the links they click.”

Recognizing problematic email content can be tricky as hackers’ approaches have grown more sophisticated. Messages can convincingly mimic official password reset prompts and spoof managers’ addresses to deceive people into supplying key security information.

Chester Inc. offers social engineering and phishing awareness training for businesses interested in helping employees better understand possible risks. Usually, they start by sending a test phishing email to all employees. This helps them identify specific people in need of targeted training, as well as specific topics that would be the most helpful.

Kotul advises clients that if they suspect something amiss in your inbox to delete the problematic message. Hover over links with a mouse before clicking them to make sure they direct to the right place and never open files or install software from unknown sources.  

“The term ‘malware’ is really a catchall for all types of malicious programs including viruses, bugs, worms, bots, rootkits, spyware, adware, trojans, and even ransomware,” Kotul explained.

Specifically, ransomware is designed to encrypt or “hold ransom” data or systems from the user. Once the data is encrypted, the cyber-criminals demand payment through untraceable crypto-currency and promise to provide the encryption key once payment is received.

“Paying the ransom does not guarantee you’ll get your data back,” Kotul said. “It may just embolden the culprit to demand even more money.”

So how can a company guarantee restored access to its files? First, they’ll need a robust backup system.

"With the technology that's out there now we can get backup sets as often as 15 minutes, and it's really affordable. It's not something that you need a ton of storage or a ton of bandwidth for," he said.

Having a system like that in place limits the amount of work lost if a company does get hit by a ransomware attack. Once access is restored, employees can probably go back to the data as it was 15 minutes prior to their systems being locked down.

But a strong backup solution is only half of the equation. Companies also need a formal disaster recovery plan that dictates how to get the data restored and usable.

"The disaster recovery side of it is probably the most important part,” Kotul said.

Disaster recovery plans vary widely depending on how long a client can handle being down and what their available resource budget looks like. The goal is to be able to set and meet clear expectations in case of an emergency.

"We have had long-standing clients, that have had our backup solutions in place and have been trained on what to avoid, that still get hit,” Kotul continued. “Unfortunately, you can't prevent everything."

In this case, an employee clicked on an email link that they shouldn't have and locked down the files that they had access to. Thanks to preconfigured security measures, the Chester Inc. team was able to pull that data right back down, ignoring the ransomware demand entirely. 

As a final caution, Kotul reiterated that paying a ransomware demand can lead to more problems.

“Some may think their cyber-liability insurance policy will cover the cost of the ransom. But even with an insurance policy there’s no guarantee you’ll actually be paid back. Underwriting qualifications and post-incident investigations can delay or even entirely prevent reimbursement,” he said.

“The only full-proof way of recovering from a ransomware attack is to have a fully functional, secured, and monitored backup and disaster recovery solution in place on all of your critical systems and data.”

For more information on all that Chester Inc. does to secure and support business information technology, visit their website at