What can you learn from the most recent cyber attack?

You may have heard in the latest news cycle that another Australian healthcare provider has fallen victim to a serious cyber-attack. These reports can be scary and with lots of news organisations more interested in the next sensational headline, we don’t often get clear and concise advice that we need. This article will hopefully answer some of the questions that you may have and provide practical and simple advice on how to protect your family and business.

As we slowly get more detail of the most recent cyber-attack on yet another healthcare provider here in Australia it is a perfect time to discuss what this attack is, why it keeps happening, what it means for us individually, and what we can do to protect our business in the event of an attack.

What does this mean for me individually?

1 Is my data safe?

Whenever a company that has private information about us there is a risk of that personal identifying information being released and identity theft is an ever-increasing issue.

Has our data actually been stolen?

Should we worry?

At this point in time (16:00 AEST) we don’t know much, and we can only go on the information provided to the press. All we know at this stage is it seems to be a private healthcare provider MediSecure, an e-script provider, and it is not a government organisation. This is a positive as hospitals and critical care is not currently being disrupted.

We also have reports that the attack is what is called a Ransomware attack, and the company has posted a statement saying it has identified a cyber security incident impacting “the personal and health information of individuals”.

While this might sound terrible, for us as individuals, it is potentially one saving grace.

The Medibank Private attack back in 2022, was able to get a copy of user’s data that was then sold or released on the dark web and was most likely a direct attack by one or more people getting direct access to files and data within the company.

A Ransomware attack usually means that the files within an organisation are encrypted and made unreadable by anyone. This is usually via a bad application or software that has made it into the organisations network and doesn’t usually come from a person directly accessing the network. This means that the company’s data may not be copied out to the bad guys, but rather made useless to everyone.

The attackers then hold the key to unlocking the company’s data to ransom and are not interested in the actual data itself.

As this is early days of the attack, we don’t know for sure…. but there is a good chance the data isn’t lost, just useless. Keep an eye on the news for more news as it becomes available and we will update this article when we know more.

What impact would this have on my business?

2 How would your business be impacted if you lost all your data?

If your business was attacked with Ransomware, what sort of effect would it have on you and your business, and how would you be able to recover from such an attack.

The key to Ransomware attacks is that the data that is attacked is made useless to everyone, especially the business, so to answer the question of what impact it would have we simply need to ask, what impact would it be on my business if I lost ALL my data right now?

We are talking business plans, customer data, product information, employee data, marketing files, supplier data, accounting….. the works.

A great way to think about it, if you are a small business, is by asking questions like:

What would happen if you dropped your one and only business laptop and phone, and is shattered beyond repair?
How long would it take you to recover?
Could you recover?
What would the cost be to recover?

These are fairly simple questions to answer as we often know how reliant we are on our devices and the information they hold. Answer these questions and then let’s see what we can do to prevent this and also to recover in the event of loss of everything.

How would I prevent it? (Without it costing me a fortune!)

Loss of your data, through attack by a bad guy or loss of your hardware due to accident or theft, can leave small businesses high and dry and even unable to continue. There are many stories of small business having to shut up shop and walk away from the business after a ransomware attack, theft, or fire.

The key to preventing this from happening to you is being prepared.

Many small businesses I speak to have the attitude that they will deal with It security once they have an issue, but not before.

That’s kind of like driving your car and never servicing it and just worrying about it when it stops working. It’s going to leave you stranded, unable to do anything, and it’s going to cost you a lot more to fix than doing it right int he first place.

So, what preventative measures should we take?

Backup!
Prepare for the worst.

Backup

I know this might sound simple, but many organisations don’t have good backup strategies and don’t maintain them. I’ve seen many small businesses run backups on to external hard drives, which is great, but they are stored right next to the computer they are backing up. If the computer gets stolen, it is very likely that the thief will steal anything not bolted down around it too. Or, if the computer burnt down, the backups could burn too.

The best backup practice is called 3-2-1.

3 copies of your data
2 different types of media
1 copy off site.

3 copies of your data might seem like overkill and difficult to do, but if you are using something like OneDrive, Google Drive, iCloud, Box etc. you will have a copy on your computer and a copy in the cloud. There’s 2 and we haven’t done anything yet. 🙂 The third copy can be a backup. This can be a local copy on an external hard disk, or it can be a backup solution online.

Microsoft has recently released Microsoft 365 Backup that can be added to your M365 subscription and easily implemented. There are also many other brands of online backup solutions out there.

A local hard disk set to backup your files is great too, but make sure that it is not always connected to your computer, or you are at risk of that hard disk also being made useless by a ransomware attack. Instead, have 2 (or more) hard drives that you have setup for backup, and have a process to have one in a safe or offsite and one currently backing up, then swap them over each week or at the end of each day. That way you are never more than 1 week or 1 day out of step with your current data. 2 different types of media might sound odd, but the idea here is that some types of storage are more resilient than others. Magnetic tape is still used in big organisations as it has a longer shelf life than hard drives and is immune from many environmental events that hard

drives would fail at. However, it is more expensive to have such a device. Instead, for small businesses, an external hard drive and an online backup solution is 2 different types of backup and therefore more secure and cost effective.

It also helps with the last step…. 1 copy off site.

3 It’s not just enough to backup, it has to be safe.

Having your backup net to your computer puts it at risk of left or fire. Having one copy away from the office or wherever you primarily work, means that if your computer and where it is stored is affected by a major disaster, there will be one backup copy that isn’t affected.

A small fireproof safe at home, or in another location is perfect.

A friends, partners, or families house is another good location…. so long as you have a good relationship with the person. 🙂

Prepare for the worst!

4 How long would it take you to recover losing your computer?

Running through a scenario of the worst possible case of an event can be a very useful thing. It reveals to us all the things we take for granted and allows us to see where we, and our business, might be vulnerable.

This process can be as simple as imagining what the worst case would look like but is much more effective if you are able to play out what it would actually look like. Start by putting all of your devices in another room and then use another device, or set of devices, that have nothing to do with your business, to try and get back up and running.

Basic functions, such as email, invoicing, and business critical apps are the fastest target. Additional data, such as marketing plans, archive info etc. can come later.

A good goal would be to be able to get back up and running within 1 day, but the faster the recovery time the better.

If you feel like you need a hand to go through this process, reach out to your trusted IT service provider and ask them to run through the process with you.

Don’t have a trusted service provider or don’t have the cash flow to pay for such a process? The Australian Government is funding the Digitial Solutions Program for businesses under 20 employees that can help with this exact problem to assist businesses with Cyber Security planning.

If you are in South Australia, you may also be eligible for the Women in Business program to get additional hours. (Yes, you can use both programs for funding.)

Final Thoughts

For small businesses, the ability to recover after a large event such as fire, theft, cyber-attack, natural disaster etc. is an important question to ask and answer BEFORE it becomes a reality.

Having a plan to recover and get back to operating as rapidly as possible is key. Ignoring the possibility until it is a reality is a recipe for a business ending event.

Spending a reasonable amount of time to have the confidence that we could survive in the face of loss of our business-critical data and technology is insurance that is well worth the time and effort.