Cyber criminals have stepped up their game, especially with the massive increase in employees working remotely due to COVID. Ransomware in particular has snowballed into an unprecedented assault on American as well as global businesses.

As the #1 rated Managed IT Services firm in the IT Support Los Angeles Community (#14 worldwide) according to the prestigious ‘Channel Futures MSP 501’ global rankings, we at IT Support LA have long insisted on the most stringent Cybersecurity defenses for our clientele – in fact, adherence to this standard is not only mandated and expected from our field technicians and IT HelpDesk personnel, but of prospective clients as well.

There are many factors that go into top-notch Cybersecurity defenses – most of it is supplied by IT Support, BUT the end-users in our clients offices bear an amount of responsibility as well. Over 85% of all successful Ransomware attacks are caused by an end-user falling for a Phishing Scam – opening an attachment or clicking a link in a malicious email. Ongoing Security Awareness Training, just like Cybersecurity itself, is not an option – it is a must.

We at IT Support LA know that, even with our safeguards in place, a Ransomware attack is not a matter of IF, but of WHEN. Once the attack happens, our Backup and Disaster Recovery plan launches immediately – our system isolates the malware, shuts down the infected device(s), wipes them clean and reinstalls the data from our secure backups – with typically only a couple of hours of lost productivity for the device(s) affected.

Immediate action and reliable, secure backups are the remedy for an attack, but the best answer to an attack is to limit its possibility of occurring – through good Cybersecurity practices.

What are cybersecurity best practices?

In the order of importance, we start with the #1 foundation, the bedrock of any successful thwarting of a cyber-attack, whether Ransomware or any other type of data breach or hack:

1) Backup and Disaster Recovery. It is the ultimate answer to any attack. Your IT services crew should have a written step-by-step plan that is followed to a tee in the event of a cyber-attack. Once isolated and stopped, it’s time for secure backups to take center stage. Depending on how your system is set up – either locally or with network operations in the cloud, these three types of backups are necessary:
Local Backup
Cloud Backup
Cloud to Cloud Backup

2) Next Generation Network Security. This consists of the best Firewalls, Anti-Virus (AV) spam and email filtering, with an impeccable system of alerts that go straight to the IT HelpDesk in the event of an intrusion. All aspects of security must be constantly updated – the cyber crooks aren’t using the same code they used 10 years ago, so you cannot rely on a 10-year-old firewall.

The same goes for every aspect of your network security. Running unsupported Operating Systems such as Windows XP or Windows 7, is like leaving a door permanently open for hackers to stroll through and wreak havoc on your entire system. Update, Update, Update!

3) Security Awareness Training. Your network is your castle, your fortress walls are your Firewalls and your moat is your Anti-Virus. What good is any of that if an untrained employee opens the castle gates and lowers the drawbridge? End-users are the weakest link in your defensive chain. Educate them through ongoing training: twice a year at least.

4) Strong Passwords and Multi-Factor Authentication. Please refer to our tutorial on this site ‘Creating Strong Passwords’. After the initial strong password, use Multi-Factor Authentication – the simplest of which are several questions such as ‘What is your mother’s maiden name?’ Thumbprints or even retinal scans are among the other methods you can use to make access to your system more secure.

In addition, if employees log into the network from a variety of devices: desktops, laptops, smart phones or tablets, Two-Factor Authentication (2FA) must be employed. When logged in from a different device, the 2FA sends a code that the end-user must enter in order to gain access.

Whether company issued or ‘BYOD’ (Bring Your Own Device) ANY device that is allowed access to the network must be made secure by the IT services team. Field employees must be trained not to use unsecured Wi-Fi – hackers are known to park outside of a Starbucks just to see who they can hack into on the free Wi-Fi.

Your IT support team must have Remote Wipe capabilities on EVERY device used in the field that connects to the network. In the event of loss or theft, the ability to remotely delete important data is crucial.

5) Location Security
The physical security of your office may not seem to have a direct impact on your Cybersecurity, but it makes sense that nobody is allowed to enter your office through unlocked doors. They can enter while the receptionist is on break – maybe she keeps her network password on a post-a-note stuck to the bottom of her monitor; perhaps there is client information on the desk.

Not only can someone find information that allows them to breach your system, but they can certainly steal whatever they find.

Security cameras are a must these days. Do not allow anything to transpire in your office without someone overseeing the activity of visitors.

Frequently Asked Questions

Q: What is poor Cybersecurity?

A:  The number ONE mistake business make is not understanding the threat. All other mistakes stem from that. It must be understood that cyber crooks are hunting everyone – not just massive companies. On the average 85% or more of all Ransomware attacks are leveled at Small and Mid-Size Businesses (SMBs). You are not immune. Not at all.

Please see our page ‘Cybersecurity Dos and Don’ts’.

Q: What is the success rate of ransomware?

A: According to a report by Sophos called ‘The State of Ransomware 2020’, 73% of attacks are successful, although 94% of those affected did get their data back - 26% by paying the ransom, which indicates that the other 74% had reliable backups and a solid Disaster Recovery plan in place.

Q: Should I pay a ransomware?

A:  According to the FBI: “The FBI does not support paying a ransom in response to a ransomware attack. Paying a ransom doesn't guarantee you or your organization will get any data back. It also encourages perpetrators to target more victims and offers an incentive for others to get involved in this type of illegal activity.”

Q: Can ransomware destroy a company?

A: in 2019, 60% of companies that suffered a loss of data for a minimum of two weeks declared bankruptcy within a year. The 12-month fail-rate figures for 2020 are not yet available.

Q: Is it possible to prevent ransomware?

A:  NO. Even with the best security defenses, Ransomware can get in – usually due to untrained employees clicking on malicious links or attachments in emails. Consult with your Managed Services Provider to make sure your Backup and Disaster Recovery plan is in place and bulletproof.

IT Support LA can take care of this for you:

Your Free Network Security Assessment is waiting for you, with NO obligation to ever use our full Managed IT Services. There are no strings, and the comprehensive report we produce is yours to keep. Either fill in the form on this page or call us at: