Cyber-attacks aimed at the construction industry are on the rise. Why? Construction is switching over to digital tools, communications and storage. Although this has many benefits for an industry traditionally seen as analogue, there are huge risks in setting up systems and storing data without adequate protection against ransomware and other cyber-threats.
Research completed in partnership with Construction news has revealed that 39% of UK construction firms experienced a ransomware attack in the past year:
- 83% of the firms reported the threat had been caused by phishing attempts.
- 21%, which is just over 1 in 5, experienced more sophisticated attacks, including denial of service, malware and ransomware.
When it comes to recovering from these attacks, it can take more than a week to get ‘up and running’ again if you do not have the correct procedures in place. Companies need to think seriously about their Recovery Time Objective (RTO) and Recovery Point Objective (RPO ) if they want to minimise the risk of disruption and economic loss that can stem from an attack (if you’re not sure what RTO/RPO is, read our guide here)
With a rise in cyber-attacks, it is essential that you know what to do if your business falls victim to a ransomware attack – or even better, how to prevent one happening in the first place.
What is ransomware?
Ransomware is a malware attack designed to deny a user access to files or the operating system on their computer. The attacker encrypts your files then demands a payment for the decryption key. Ransomware attacks can be spread through multiple channels, the most common being phishing emails, malicious links and attachments, and exposure to public Wi-Fi. Read our full guide to Ransomware here.
What happens if I get ransomware?
When ransomware is found on your computer your hardware becomes locked, or the data on it becomes encrypted, stolen or deleted. Data recovery is sometimes possible, and you should seek immediate advice from malware experts.
How can I protect my data?
Cyber-attacks can be prevented with good monitoring applications, frequent file backups, anti-malware software, and user training
Basic security:
- Patch management is vital – keeping your devices and software up to date.
- Antivirus, spam filters and virus filters.
- Cyber security awareness training for all staff.
- Device encryption, a device with sensitive information is easy to grab and go.
- Use Password Managers.
- Enable Two Factor Authentication where available.
- Apply the Least Privilege Principal in terms of who needs access.
- Regular backups – essential but only if they’re done correctly!
- A proper data audit.
- Tested – a backup isn’t a backup unless it’s been tested. Build in a restore test schedule into any strategy.
Often with ransomware or data loss, the main problem isn’t just the attack itself, it’s the lack of awareness most people have around their data – what is stored where, and how it is backed up. Be prepared!
How to prepare for a ransomware attack
- Work with a data expert to ensure you have the right back up and protection in place.
- Backup your data.
- Use a security solution.
- Train your staff to be more aware of cyber threats.
- Choose a security solution that is easy to use
How do I recover after being hit with an attack?
If you’re hit by a ransomware attack and have a backup plan in place, you will be able to recover from it. The most important thing is not pay the ransom; this will only encourage hackers to attack more people and create more problems.
You should also make sure that all of your data is secure and backed up properly so that if an attack does happen, you can recover quickly and easily without losing information or time.
What should I do next?
As cyber-attacks become more sophisticated, it’s important to know how to protect yourself and your business. The best way to do this is to seek out professional advice.
At Vitanium, we have over 20 years’ experience in data management and back up, so we know there is no one size fits all. A thorough and professional data audit should help you write, implement, and test your backup plan correctly.
We also think immutable backup should be a minimum for every company, not a nice to have. We recommend immutable backups as way to counter ever increasing data attacks because it is impossible to alter.
If you want to know more about how ransomware attacks work or how to protect your business data for maximum protection, and minimum disruption, get in touch with our expert team now.