
Don't Open It!

  • boffin2coffin
  • Sep 1, 2016
  • 4 min read

Written for Funeralcare Magazine, September 2016

“Our power company must have changed its name ...” he mused. I was less-than-half-listening, more-than-half-concentrating on the day’s work mountain.

“Why do you think that?” I auto-replied.

“Our latest power account has been emailed but the company name is different …”

My half-asleep geek was instantly awake. “DON’T OPEN IT!!!” Too late.

What amazed me – at the end of what turned into a very long day – was the damage the virus was able to wreak in the time it took the antivirus software to quarantine and delete it. About 14,000 files corrupted irretrievably – 14,000! In less than 20 minutes. (That was the golden 20 minutes between “I didn’t” and “You must have.”)

About 14,000 irretrievably damaged network files. No choice but to delete them. Oh yeah – the virus helpfully saved a text file to the network telling us how to retrieve them by paying lots of money into an offshore account. And no, that was never an option.

We had just been introduced to “ransomware”. (“How do you do?” “Not so good now, but thanks for asking.”) Actually, as it turns out, not nearly as bad as it could have been.

We’re a small business. Seven staff, 400 funerals a year. Our funeral directors are our computer experts, so IT strategy and continuity of IT care are fitted in around our real jobs. We have antivirus software, a secure network, and mission-critical file backups. We share computer skills and information, keep our software up to date, and we’re not fooled by Nigerians leaving us vast bequests or repatriations requiring our credit card details.

We’re not so good at deleting stuff we don’t need any more, and we’re often at work when we should be asleep or at play. As a result, we sometimes miss stuff we wish we hadn’t. Because we don’t want you to, we’ve come up with three things that can keep you safe.

1. Be suspicious

Most threats are easy to recognise, but they are becoming increasingly sophisticated. You need to be personally responsible and vigilant.

Identify the source. Is the email from a power company/bank/postal service that you don’t use? Be suspicious. Is the language appropriate to the message or does it look like a bad English translation? Be suspicious. Are you expecting a parcel? Would NZ Post really charge you $2.50 per day to hold a parcel? If it doesn’t quite stack up, be suspicious. Check links without clicking on them. If you hover your mouse over a web link or email address, it will show you the real link. Is it different to what it says it is? Does it end in something other than .com or .nz? If you’re suspicious, but unsure, ask a colleague what they think.

2. Use anti-virus software

There are some great free anti-virus solutions out there that are a great deal better than having no protection at all. Even better than the free stuff is the stuff you pay for – robust solutions that use more than one method to protect you and your data. What price security?

Just installing the software is not enough though. You need to keep it up to date, and use it to scan media for suspicious files and activity. (You know, by clicking “Yes” instead of “No” when it asks you if you want to scan the USB drive you just plugged in).

3. Keep backups

There are many ways to keep copies of your important files. I would venture that few of us have dedicated IT departments that run comprehensive nightly backups, so we need to find a solution, and a frequency, that works for us.

Ask yourself which files and information are essential to the running of your business, by working out how many productive hours you would lose if the information was lost. Scanned photos: minimal impact. Service sheet very close to final print time: medium impact. This week’s invoices and receipts: high impact. Will it matter this time tomorrow, next week, next year?

Backups can take many forms. In their simplest, manual form, a printout. In their most complex form, a regular, compressed, encrypted copy of all your data. Somewhere in between: a copy to removable media or cloud storage of your critical files – those that change often and/or would take time to recreate.

What we changed

I can’t overstate how lucky we were to escape serious loss of data. We had completely recovered from the attack within 24 hours, and with only eight hours of effort.

There is no one thing that will protect you and your data, and no one-size-fits-all solution. But there are ways to minimise and distribute your risk. Here is what we learned, and what we changed:

Things that made the problem worse:

  • Answering “Don’t open it!” with “I didn’t”. We’re all fallible, and the quicker the alarm is raised, the less damage will be done.

Things that saved us:

  • Anti-virus software.

  • Isolating the infected computer from the network (by disconnecting the LAN cable, or disabling the wireless connection).

  • The superfluous files we hadn’t got around to deleting. This enormous mountain of stuff that was no longer important kept the virus busy and slowed the damage!

  • Data backups in a variety of forms – printouts of the most recent file changes, a recent backup file on an offsite hard drive, a duplicate file on a cloud drive, a duplicate file on a USB card, and a fresh file backup held by the accountant.

Things that we do differently now:

  • Ask for a second set of eyes if we’re not sure about an email.

  • Use paid anti-virus software – in our case ESET NOD32.

  • Use cloud-based accounting software, e.g. Reckon or Xero.

  • Use consultancy services for payroll.


 
 
 


© 2022 by Kay Paku
