Just a couple of months ago, I discussed two of my current challenges: securing a remote workforce when most of the applications that folks use are cloud-based software as a service (SaaS), and having employees who, thanks to those SaaS apps, have no reason to connect to the corporate network and therefore rarely access the IT infrastructure.
At issue: A user who hasn’t backed up his PC in months just saw his documents get encrypted by ransomware.
Action plan: Find out how it happened, but more importantly, use this event as leverage to address an ongoing problem.
Well, this week, a situation arose that could expedite plans to address the matter. I got wind of it when a remote worker who is on our professional services team and is responsible for assisting with integration of our company’s software sent me an email with a subject line of “Uh Oh.” I know that this guy doesn’t easily panic, so this couldn’t be good news.
It wasn’t. His files had been locked up by ransomware.
We’ve had discussions in the company about what to do in cases of users’ documents being encrypted and held hostage by cyber crooks. The CFO and several vice presidents are adamantly opposed to paying ransom. I am of the same mind. I don’t want to pay money (this particular extortion was demanding 1.5 Bitcoins, or about $900 at current rates) for access to our own documents. And any company that pays a ransom is at the mercy of other hackers who find out that it will play along.
Besides, there should never be a need to pay such ransoms. Frequent backups should allow you to restore any documents as they existed not long before they were encrypted.
But if your employees have found they have little need to connect to the corporate network in the daily course of doing their jobs and connecting to the network is the only way they are going to have their files backed up, you’re in trouble. So, yes, we’re in trouble.
A big part of the problem is that users don’t perceive that they are bypassing backups. Even people who work intensely with software, such as the victim in this case, don’t always see the danger. He was under the impression that his data was being backed up. But when I checked in with the IT department, I learned that the last time his PC had been backed up was in June 2016, more than three months ago. Our antivirus and Windows Server Update Services management consoles told a similar story: This PC has not been patched lately, and the last time it was connected to our antivirus console was more than three months ago, when the user visited the office for a company meeting. More and more, this is typical; we have several other employees who haven’t connected in more than six months.