Ransomware viruses. Hacking. Phishing. Everyone’s heard these technical-sounding words. However, the question is, what do they have to do with you? Why should you care? Well, if you’re involved in a nonprofit organization, they have everything to do with you. The ransomware virus is a huge threat to schools, charities and libraries.
Don’t believe it? According to “How to Protect Your Networks from Ransomware,” an article posted by the FBI, “there are more than 4,000 ransomware attacks per day.” The most likely to get hit with ransomware? Education and government systems.
Ransomware virus — What’s the threat?
So those are the facts, but what exactly are the consequences of hacking into these systems? For most organizations, the worst part of being infected is that your consumers’ personal information — including minors’ names, emails and addresses — is now in the hands of hackers. Then there’s the length of time it takes to repair the damage. And the costs — financial and reputational — associated with informing patrons of the loss.
Ransomware typically locks the information it reaches, and the hackers release it only if the victim agrees to pay a large sum of money (i.e., a “ransom”).
Such consequences end up costing your nonprofit or library a lot — not just financially, but also in terms of reputation. According to The Herald Bulletin, one county spent close to $200,000 after being hacked. The question then becomes, how much money are you willing to give up after being hacked? Isn’t it just easier and less expensive to prevent it in the first place?
Planning for ransomware attacks
Now that you know the facts, you might be asking what you can do to prevent this from happening to your nonprofit or library. Well, there are many steps. The first step is to get an SSL certificate for your website. SSL certificates encrypt data as it flows between your system and that of your patients, clients and patrons.
The second step is to get a comprehensive malware scanner such as GoDaddy’s Website Security, powered by Sucuri, which will help protect your website from all kinds of unwanted visitors.
How does it work? GoDaddy Website Security, powered by Sucuri, scans and monitors your website daily. If malware is found, you’ll be alerted immediately — simply authorize a cleanup and GoDaddy will spring into action. Next, it’s recommended that you get a Web Application Firewall (WAF), which will help prevent re-infection (this is included with the Express Malware Removal or Deluxe plans of Website Security, powered by Sucuri).
Advice for health-related agencies and clinics
Any U.S. healthcare group or agency has additional concerns. These groups are governed by the Health Insurance Portability and Accountability Act (HIPAA), a law put in place to protect American healthcare consumers. While your security requirements are mandated by law, the solution is the same as for any business: take preventive action to head off a catastrophic breach like these.
Make sure all employees are properly trained and ask yourself the question, “Does this information need to be connected to the internet?”
If the answer is no, store it on a secure device that isn’t connected to the web. It’s the same principle taught to children in schools today. “Do I really need everyone to see this? Will it hurt me in the long run?” By answering these two simple questions, you can save yourself pain and money.
Forewarned is forearmed
The ransomware virus looms large, but it isn’t the only danger. By educating yourself about the different types of hacking, you’ll know how to identify them and prevent hackers from even getting in. There are many different types of hacking.
One of the oldest and most dangerous attacks is called SQL injection. This begins when a hacker “injects” malicious code into a website through a security vulnerability. This insidious hack can bypass a system’s otherwise robust authentication and authorization mechanisms to retrieve the contents of an entire database — names, addresses, credit card numbers, patient histories — everything.
Then there’s phishing, whaling and spear-phishing. These all get information through deception. Phishing is when a hacker sends a legitimate-looking email from a company and uses that to gain personal information by asking the recipient to log into their account via a fake website. With spear-phishing, the hacker “spears” an individual; whaling is when the hacker goes after a high-level individual.
In all cases, the ultimate goal of hackers is to harvest data they can sell to crooks who’ll then use it for identity theft. And no one is safe. According to the Center for Identity, “children are up to 35 times more likely to have their identities stolen than adults.” You don’t want to be that group that opened the door to this type of data loss.
The golden rule of prevention
There’s one common thread that runs through all the best advice: prevention is vital. If you haven’t been hacked yet, you’re lucky. Don’t squander the chance you have to protect your clients and head off the expense and public embarrassment of a data breach. Take these steps now:
- Act immediately when you get notifications of system and software updates and security patches. There’s really no excuse not to, and these updates close the gaps that hackers use to get in.
- Be vigilant. Don’t give anyone access to your system — no matter how innocent it seems. Be diligent in sanitizing any inputs. Don’t, for example, allow anyone to plug jump drives or other removable media into networked computers.
- When access is granted, make sure the right level is given to the right people and that you restrict permissions on any critical folders. Don’t print out errors, because if they fall into the wrong hands, it could lead to hackers having easy access to all of your information.
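An added example (not from the original article) of the SQL injection described earlier and of two steps in this list, sanitizing inputs and not printing errors: the same record lookup written the vulnerable way and with a parameterized query, with database errors logged instead of shown. The patrons table, function names and sample rows are constructed for illustration, Python's built-in sqlite3 stands in for the website's database, and "don't print out errors" is read here as not echoing database errors to visitors.

```python
import logging
import sqlite3

log = logging.getLogger("patron_portal")  # hypothetical application name
CRAFTED = "x' OR '1'='1"  # constructed input that contains SQL syntax

def make_db():
    """In-memory database holding two constructed patron records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patrons (card_no TEXT, name TEXT, address TEXT)")
    db.executemany("INSERT INTO patrons VALUES (?, ?, ?)", [
        ("C-1001", "Ana Ruiz", "12 Elm St"),
        ("C-1002", "Ben Cole", "7 Oak Ave"),
    ])
    return db

def find_vulnerable(db, card_no):
    # BEFORE: input is pasted into the SQL text, so a quote character in the
    # input ends the string literal and the rest is parsed as SQL.
    sql = f"SELECT name, address FROM patrons WHERE card_no = '{card_no}'"
    return db.execute(sql).fetchall()

def find_safe(db, card_no):
    # AFTER: the placeholder sends the input as data; it is never parsed as SQL.
    sql = "SELECT name, address FROM patrons WHERE card_no = ?"
    return db.execute(sql, (card_no,)).fetchall()

def handle_lookup(db, card_no):
    """Return (message, rows); database errors are logged, not shown."""
    try:
        rows = find_safe(db, card_no)
    except sqlite3.Error:
        log.exception("patron lookup failed")  # details stay in the server log
        return "Something went wrong. Please try again later.", []
    return ("ok", rows) if rows else ("No record found.", [])

if __name__ == "__main__":
    db = make_db()
    print(len(find_vulnerable(db, CRAFTED)), "rows from the vulnerable lookup")
    print(len(find_safe(db, CRAFTED)), "rows from the parameterized lookup")
    print(handle_lookup(db, "C-1001"))
    db.close()  # simulate a database failure
    print(handle_lookup(db, "C-1001"))
```

The vulnerable lookup returns every patron for the crafted input, while the parameterized one returns none; after the simulated failure the visitor sees only the generic message.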
The most important thing, however, is to always be on the lookout for irregular activity. If your operating system suddenly starts loading slowly or popup windows start appearing, be suspicious, as these could be signs that hackers are trying to break into your system. By following these steps and being proactive, you’ll soon be on the way to better security against the ransomware virus and other kinds of hacking.