Advice on avoiding the impact of a ransomware attack on your retail business

Ransomware / malware can come in many forms. Every computer connected to a network in any way is at risk.

There is no guaranteed protection but there are important steps to take. This advice sheet provides advice designed to reduce the risk to your business. Ransomware often comes in the form of a harness looking business email, seeking you to click on something that makes sense.

Often, if the recipient clicks on the attachment in the email, the ZIP file, on a PC running Windows they would have been locked out of the computer and subject to ransomware.

A ransomware attack is where money is demanded to unlock your computer. Often, the computer is not unlocked even after a payment is made.

More and more businesses including small business retailers are being affected by these malicious attacks, they are being locked out of their businesses.

You can reduce the opportunity of being hit by an attack by taking care with emails.

If you are not sure of the sender, ignore the email. Tell everyone who has access to your email. Lay out your ground rules and demand discipline.

Here is our best-practice advice to protect against Ransomware:

1. Ensure you use professional, up to date, virus protection.
2. Ensure you have a good firewall with strong settings.
3. Do not click on emails or attachments unless you are sure of the sender.
   1. Be particularly wary of ZIP files in emails.
   2. The ATO will not email you.
   3. Your bank will not email you.
   4. Australia Post will not email you, not like the example I have posted.
4. Ensure all passwords you use are strong.
5. Consider using an email filtering facility.
6. Do not allow remote access to your computer unless you are certain of the person accessing.
7. Ensure you have strong passwords. A strong password should include: some CAPS, some numbers and at least one special character.
8. Change your password regularly.
9. Run an up to date operating system.
10. Have rules on computer use: no games, no online gambling, no porn, no personal emails.
11. Have an overarching rule: do not open any email or go to any website unless you are certain.
12. Use a cloud backup service like the Tower backup service. This provides the fastest recovery.
13. Have multiple backup devices for additional protection.
14. Do not use automatic file replication programs / facilities such as Dropbox or Google Drive. If a file is encrypted with malware / ransomware it will upload to the account and infect other files.

Most ransomware attacks can be avoided by careful scrutiny of your emails and websites you visit.