By Jason Johnson
With the rise of cyberattacks, you can never be too careful or prepared when it comes to protecting your digital information. Whether you own one store or several, you need to be cautious—anyone can fall victim.
Picture this: you arrive at work, check your e-mail—and suddenly your computer’s files are infected with an encryption requiring a secret code to unlock. A ransom note scrolls across your screen with a demand: “Pay the price or all your files are gone.” What would you do?
What is ransomware?
Ransomware is a type of virus that can attach itself to a harmless-looking e-mail or website, often from a seemingly legitimate company. Once opened or otherwise activated, the virus infects all the computer’s files with a strong encryption that can only be removed with a specific code. Then, a ransom note appears on the user’s screen, typically demanding a certain amount of money, with no guarantee the hackers will actually provide the promised code in return. Even if they do, there is no way of knowing the code will actually unlock or release the affected files.
Keeping your files safe
Your digital security should be a top priority, alongside your physical and procedural plans. You can never be too safe when responding to/defending against ransomware hacking attempts and attacks. Keeping the following tips in mind can help you protect your business.
1. Only use secured wireless providers to gain Internet access, and encrypt your router to protect your connection.
Contact your system administrator to confirm your system’s security, and limit your encrypted Wi-Fi connection to necessary employees only. If you allow wireless access to your customers, make sure it is via a ‘guest network’ with different login credentials.
2. Frequently check computers with anti-malware, anti-spyware, and antivirus software.
Perform frequent scans on your systems to ensure no hacking attempts have been made. Also run regular software updates, as many software vendors publish security improvements frequently. Many applications can be configured to update automatically when security patches are available that address new threats.
3. If you are on a website that seems suspicious, leave it immediately.
Never enter sensitive information, such as account details or passwords, into questionable websites. If you think a website is suspicious, check with your IT provider to confirm its legitimacy before continuing to access it.
4. Run ad-blocking applications on corporate machines.
Popups and free downloads are frequent offenders when it comes to carrying viruses. Configure your Internet browser settings to disable popups so you don’t accidentally click on one.
5. Limit employee access to data and information and restrict authority to install software.
Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems they need for their jobs, and should not be able to install any software without permission.
6. Confirm computer screens and confidential information are out of sight of your customers and visitors.
Careless placement of computer screens, documents, or other sensitive materials could result in a visual hacking incident. Confirm your sensitive information is out of sight of the general public. Customers might not be able to see large amounts of data just by looking over someone’s shoulder or across the counter, but it still counts as an unauthorized disclosure or confidentiality breach.
7. Properly dispose of sensitive information by destroying or wiping hard drives.
Consider having a locked box for physical items that need to be shredded. Contact a local electronic company to discuss options for safely disposing of electronics.
8. Back up your information.
Consider having a copy of your files backed up and stored offsite in a secure location. If you do experience a ransomware or data catastrophe, you will be able to recover your information safely and efficiently.
9. Create a plan.
In the event you suffer a ransomware or phishing attack, it is important to have a plan in place. Training your employees on proper protocol is essential to protecting your electronic information and data systems. Have frequent team meetings to review safety processes and keep security at the forefront of your employees’ minds.
If your business does undergo a ransomware attack, contact law enforcement immediately. Any attack on your business should be reported to the police so they can record the hacking incident. If customer data—such as credit card details—is lost, best practice would be to notify the Privacy Commissioner’s Office. Doing this is mandatory in Alberta. You may also contact the Royal Canadian Mounted Police (RCMP).
If your company website or systems have been hacked, you may also want to contact your attorney for advice on your responsibilities, such as letting your customers know. The public and companies are encouraged to collaborate with the government and local law enforcement.
Jason Johnson joined Jewelers Mutual Insurance Group in 2013 as a commercial lines claims examiner. In his current role as a loss prevention account manager, he is responsible for providing sound advice to jewellers on ways to prevent insurance-related losses. Prior to joining Jewelers Mutual, Johnson worked as a private investigator. He has also worked for American Family Insurance as a claims adjuster, and is a graduate of Carroll University with a bachelor’s degree in criminal justice. Comments and questions can be sent to lossprevention@jminsure.com.
For resources regarding safety and security when carrying/ working with jewellery, visit JewelersMutual.com. Jewelers Mutual Insurance Group is the only company specializing exclusively in jewellery insurance in Canada and the United States. It is licensed in Canada and all 50 states.
