Cyber criminals are increasingly turning to ransomware as a form of blackmail to exploit public and private enterprises. It’s estimated that the cost of ransomware attacks will total over $1bn this year – and researchers warn that the problem is only going to grow. Hackers are not only increasingly sophisticated, but also getting bolder in their approach and so the most insidious computer crime today doesn’t involve viruses or stealing credit card numbers but comes in the form of ransomware. These rogue programs have the ability to hold an entire organisation’s data hostage with unbreakable encryption, while the cybercriminals demand a ransom for the decryption key.
These attacks are becoming increasingly common. In the past few months alone, new and more powerful ransomware has appeared, with criminals targeting sensitive entities such as NHS hospitals and local councils. In fact, almost 30 NHS trusts admit that they have been the victims of ransomware attacks in the past 12 months, while 30% of UK councils were victims of ransomware in 2015.
The reasons for ransomware flourishing are two-fold.
Firstly, basic economics. Stealing credit card details and selling them on the black market can be time-consuming with a potential payoff of less than a dollar per card, so cybercriminals are turning to ransomware to sit back and wait for victims to pay up. Less work for greater returns!
Secondly, ransomware is very difficult to avoid. A single click within an email or website is all it takes for an unsuspecting employee to activate the code that encrypts an entire system and triggers a ransom demand. Even if an enterprise has the most updated anti-virus software or access restrictions on sensitive files, it remains vulnerable to ransomware via just one unsuspecting user.
However, all is not lost. Organisations can take steps to mitigate the effects of attacks and recover normal operations in minutes or hours – if the proper precautions and recovery plans are in place. The most important recovery element is real-time protection of data, which means backup copies of all files and data are stored securely off-site rather than on local servers. In order for this to be effective, it needs to be accomplished automatically, whereby a copy is made every time a file is edited or saved. Backups like this let a business “roll back” to the moments before a ransomware attack and recover all its files – even in cases where the ransomware has migrated across the local network and servers.
To do this, the software or service a business uses to create the backup must be capable of excluding all encryption files known to be associated with ransomware. Businesses need to avoid restoring the files that delivered the ransomware in the first place.
Last but not least, businesses need an effective retention policy – whether that is to retain deleted files forever or for a specified time period. Establishing a retention policy will allow the business to retrieve the original files after the ransomware attack. This is an integral part of any recovery plan as it removes the need for costly recovery processes, which are often time-consuming, meaning the business can be up and running again with the least disruption to the operation.
In today’s technological age cybercriminals are an unfortunate reality. Businesses therefore should think ‘not if, but when we are attacked’ and take all the necessary precautions to ensure that the attack causes the least amount of damage to the business. By being aware and maintaining the right backup strategy, your company can minimise the damage from these attacks and turn the tables on this latest generation of attacks.
Read original theCsuite.co.uk article written by Brian W. Levine, Syncplicity Security Officer here.
To say ransomware is a growing threat is an understatement. With multiple public warnings from US and European law enforcement, a growing tally of high-profile incidents, and new guidance on HIPAA breach notifications, business leaders across industries are justifiably nervous. While there is no foolproof way to prevent an attack, there are measures you can put in place today to better defend against this new and very destructive type of malware. Additionally, when an attack does slip through the defenses, a quick recovery is possible if you have a solid remediation plan in place.
As the saying goes, ‘an ounce of prevention is worth a pound of cure’. With that adage in mind, here are a few practical guidelines you and your organization should implement today, to get the maximum ransomware prevention and recovery mileage from Syncplicity. Be sure to check out the links below for detailed instructions to implement these tips.
Back-Up Files in Real-Time
While there is no single solution for preventing ransomware attacks, a consistent recommendation from experts across the industry is ‘Backup, Backup, Backup’. For most enterprise users (and consumers), that’s easier said than done. It’s a behavior that often requires extra manual steps and backup jobs that usually never complete. However, with Syncplicity, continuous backup is easy and seamless. Files and folders are backed up automatically in real-time, meaning you start syncing all your folders just once and move on, eliminating worries about data loss.
Utilize Multi-Folder Sync
Our unique EFSS feature, Multi-Folder Sync, allows users to back up every folder on their desktop automatically. The design of this features allows users and admins to sync all files and folders in place without moving them to a “magic folder.” In the unfortunate event your company or a user is breached by ransomware, they have back-ups of every file in every folder on Syncplicity, not just the few files they remembered to copy to the single “magic” sync folder of other EFSS solutions.
We recommend that you educate your users to sync all their critical files and folders, including Desktop and My Documents. As an administrator, you also have the ability to proactively specify the sync of any desktop folders to ensure that your corporate users are safe.
Establish an Enterprise Retention Policy
The most common ransomware variants attack by deleting files and replacing them with renamed encrypted versions, or by retaining filenames and encrypting the contents in place. In both cases, Syncplicity retention policies will enable you to ensure the files can be recovered.
The Syncplicity deleted files retention policy allows you to retain deleted files forever or for a specified time period, so that your original files can be retrieved after they are deleted by ransomware. Administrators should also review your file versions retention policy which controls how long prior versions of a file are saved after they have been edited or overwritten.
Exclude Risky File Types
To contain and stop the spread of an attack, administrators can block problem file types from syncing. Syncplicity File Type Exclusion Policy gives you the ability to preemptively block known crypto document types, for example those with the .locky and .crypt filename extension, and also block potentially malicious executables such as .vbs, .scr, and .exe.
Eliminate or Reduce Email Attachments
Ransomware often enters a system via email when a user unknowingly sets it loose within the organization by opening an infected attachment. One way to reduce your organization’s risk is to train employees to use Syncplicity to share links to files rather than opening documents directly from their email clients. The Syncplicity Outlook Add-In automatically transforms email attachments to links or users can copy a Syncplicity shared link into the body of an email message.
Establish a Recovery Plan
The restoration process after a ransomware attack can be time consuming and costly resulting in significant business impact. The attackers are betting that you’ll pay the ransom to get business moving again. However, with Syncplicity, the most critical component of your remediation strategy, recovery of the locked files, is covered.
With your retention policies and multi-folder sync now in place, users can restore files to prior unlocked versions and restore deleted files using the Syncplicity interface.
Enterprises that have been hit with system-wide breaches impacting multiple users and thousands of files should contact Syncplicity for assistance.
As the ROI continues to be attractive for attackers, it will likely be some-time before the current wave of ransomware attacks subsides. By following industry guidance and the strategies outlined above you can avoid being the next victim in the headlines.
April 2016 has been an exciting month for the privacy community! Legislators in Europe up-voted the General Data Protection Regulation (GDPR), down-voted EU-US Privacy Shield and wait for it… Syncplicity quietly launched European Cloud Storage!
Syncplicity is excited to announce the general availability of European (EU) Cloud Storage. This enables Syncplicity users to choose the physical location of their cloud file storage to meet regional privacy and data sovereignty concerns. With a single-click, customers define their preferred cloud storage region and enterprise admins can configure multiple storage locations for their global user-base.
Data Sovereignty has become increasingly important amidst the wake of Safe Harbor, and companies need cloud solutions that enable them to maintain the highest levels of visibility and control over their data. While data regulators have rejected the EU-US Privacy Shield agreement, global enterprises must ensure they remain in compliance with regional privacy laws, protect employee personal information, and preserve the confidentiality of valuable corporate intellectual property.
Syncplicity enterprise customers have always had a choice for their storage region with hybrid cloud StorageVaults, and our new EU Cloud Storage option provides additional capability to scale quickly and meet global information governance requirements.
A First for the EFSS Market
Syncplicity’s model is unique in providing a ‘single pane of glass’ end-user experience, while providing maximum visibility and control for IT to choose the right storage location, based on national sovereignty, data sensitivity, and other business logic.
Within a single enterprise account, admins can define multiple storage policies for their global deployments, leveraging on-premises storage, private cloud, and Syncplicity’s cloud storage within a single seamless user experience. Folders and files can be securely shared globally, while maintaining control of where the data is stored and who owns the content.
End-users are able to access data in multiple storage locations and access shares from multiple companies, with a single log-in. Similar offerings in the market require end-users to create multiple unique accounts for each storage location, which results in account sprawl, a broken user-experience, and a nightmare for IT governance.
In contrast to Syncplicity, cloud-only EFSS providers do not offer the flexibility to use private cloud, public cloud, and on-premises storage within a single account - with popular cloud-only solutions, enterprises are forced to move all of their data to a multi-tenant public cloud for storage and processing, which opens potential for data leakage and breach of confidentiality.
Enabling Global and Mid-size enterprises to adopt the cloud
Syncplicity’s data governance model is especially appealing to large enterprises with business operations and employees located around the globe. Mid-sized enterprises that do not have the resources to manage a hybrid cloud are excited to have a regional cloud storage layer that allows them to rapidly deploy and scale.
While model clauses and binding corporate rules provide the legal framework for meeting European Data Privacy Regulations, Syncplicity’s Hybrid Cloud and EU Cloud Storage provides customers the highest level of control over the physical and logical security of their data.
The feature is generally available and included with Personal, Business, and Enterprise Edition. Additional details on how to configure EU Cloud Storage for your account are available here.
While we have consistently led the EFSS market in offering true security and privacy controls, we are excited to add EU Cloud Storage as the latest component in our architecture. Combined with our policy driven hybrid cloud, group-based security policies, integrated rights management, and zero-content-knowledge StorageVault Authentication, EU Cloud Storage is an integral part of a multi-layered approach to data governance, privacy, and security.
In the coming months we have many more exciting enhancements on our security roadmap and I look forward to keeping you updated!
Navigating the choppy waters of Europe’s data protection requirements can be a daunting task for any global enterprise. The good news for Syncplicity customers is that it’s business as usual. Nothing has changed for our customers since the European Court of Justice (ECJ) invalidated the Safe Harbor framework. Syncplicity has always provided enterprises with policy-driven hybrid-cloud storage, allowing data to reside in any region of choice. In fact, our flexible architecture allows global enterprises to conduct business based on their corporate requirements as well as government regulations.
In addition to our market-leading hybrid-cloud solution, today we are announcing Syncplicity’s European Cloud Orchestration to give customers even more visibility and control of their critical data. Syncplicity also includes Model Clauses in its Cloud Services Agreements, providing a legal framework to uphold the fundamental privacy rights and safeguards of the European Union.
European Cloud Orchestration
Data sovereignty concerns are not new and Syncplicity has continually seen strong adoption by European enterprises wanting to leverage private regional clouds for their sensitive data.
Syncplicity European Cloud Orchestration expands on our privacy and security advantages by ensuring that no personal information or file meta-data is stored or processed outside of the European Economic Area (EEA). With this architectural enhancement, enterprises will be able to address data transfer concerns by ensuring that data created in Europe stays in Europe.
European Cloud Storage
Organizations already have the ability deploy on-premise storage in their region of choice. To further our commitment to global organizations, Syncplicity will now add a cloud storage option, managed by Syncplicity, in Europe. Administrators will be able to easily select the storage region , without additional configuration or set up.
Many enterprise customers are already leveraging the hybrid cloud for increased visibility and control of their data. This option provides a seamless user experience while employing multiple storage architectures behind the scenes, such as public cloud, private cloud, and on-premise storage.
The Syncplicity Data Protection Agreement also incorporates the European Commissions’ Model Contracts for the transfer of personal data to third countries. With the inclusion of Model Clauses, our customers remain in compliance when transferring personal data from the EU/EEA.
While other EFSS solutions claim to provide privacy and confidentiality, Syncplicity continues to deliver advanced features that enable global enterprises to meet regional data protection regulations. In fact, Syncplicity offers the industry’s most flexible and robust architecture for ensuring data privacy and security. Starting today Model Clauses are available to all of our customers, and the European Cloud Orchestration and European Cloud Storage options will be coming in 2016.
For more details on how Syncplicity helps global enterprises comply with European data protection regulations, join Syncplicity on Nov 18th for a 30 minute webinar.
While many SaaS businesses are scrambling to respond to the latest decision by the European Court of Justice (ECJ), at Syncplicity it is business as usual for customers that wish to store data locally, in their region of choice. In case you missed it, on October 6, 2015, the ECJ issued a ruling, which invalidates the long-standing US Safe Harbor framework, which allowed companies to transfer personal data from the EU to the US.
While the latest ruling does not make data transfer from the EU to US illegal, it creates uncertainty for companies working with US cloud providers that do not provide European cloud storage options.
The good news for Syncplicity customers is that it is business as usual. Syncplicity has always provided enterprises with a policy-driven Hybrid cloud, which enables organizations to determine which data is stored in a public cloud, which data is stored in a private cloud, and under which national sovereignty that data should remain. By choosing the physical geography of their Syncplicity StorageVault, customers that store personal information may avoid the concerns of transatlantic data transfer.
Organizations looking to leverage the cloud should ask the following questions when selecting an Enterprise File Sync and Share (EFSS) or Cloud Content Management solution.
• Does the provider offer a choice of storage location? Most SaaS providers do not offer a choice of where the data should physically reside. Syncplicity does not believe in a one-size fits all approach. Multi-nationals and State agencies need the flexibility to retain data in the region of their choice. Syncplicity’s policy-driven Hybrid cloud solves the challenge by allowing customers to use the right storage location based on the end-users’ personal characteristics such as business role or nationality.
• Are files stored in a public, multi-tenant cloud or in a private, single-tenant cloud? While some vendors are scrambling to react and planning to offer cloud storage in European data-centers, it is clear that their customers’ data will be collocated and compute resources will be shared with many other parties. Syncplicity’s Hybrid StorageVault allows maximum visibility and control by providing a private, single-tenant cloud to host sensitive datasets.
• Does the cloud vendors’ security model scale to the size of your business? Storage choice is irrelevant if your provider’s access control rules follow a one-size-fits-all approach. Syncplicity’s group-based policies provide the flexibility to set more secure rules on sensitive business groups such as the C-Suite and Engineering, while allowing a more open sharing model for customer-facing Sales and Marketing teams.
• Is the vendors’ cloud the single source of truth for authentication and authorization? While all cloud service providers offer single-sign-on (SSO), Syncplicity’s StorageVault Authentication adds a unique, secondary control to verify the end-user’s identity. Which means if the integrity of the cloud authentication is somehow compromised, your private data is still secure and cannot be accessed by a privileged insider or government agency.
Our many European customers have been down this decision path in anticipation of the latest Safe Harbor ruling. In addition to these controls, customers have reviewed our standards for handling personal data and performed their own in-depth security analysis on our systems.
We continue to work closely with our customers’ Legal and Privacy teams throughout Europe to determine what additional capabilities we can provide to best meet their legal requirements. We are confident we will continue to lead the industry in 2016 with our cloud architecture and the choice provided by our Hybrid Cloud.