The IRS is now warning about Ransomware


Five basic steps that may save your business from absolute disaster. Craig reviews Gartner Group’s recommendations for businesses to help prevent ransomware.

Related articles:

Use These Five Backup and Recovery Best Practices to Protect Against Ransomware



TTWCP-DAILY-30_2017-02-10_ Five-Practices-to-Prevent-Ransomware-Damage

Below is a rush transcript of this segment; it might contain errors.


Airing date: 02/10/2017

Five Practices to Prevent Ransomware Damage


Craig Peterson: Welcome to another TechSanity Check. Craig Peterson here. Today we are going to talk about ransomware. There’s a report that just came out from some of our friends that gives 5 different points. Your backup and Recovery best practices. This was released by Gartner. You’ll find a link to it on my website as well over at and we’ll try and make sure we put one here in this podcast too. But they came up with some great points. Some great recommendations and that’s what we’re going to talk about right now. Stick around.




Hey, welcome back! Tomorrow we are going to be live on iHeartRadio worldwide. In fact on the iHeart app as well as in the Northeast on terrestrial radio. Remember that? Yeah, yeah. AM and FM. Stereo, FM stereo. I remember when that became the big thing back in the seventies. Anyways, we’re going to talk today to our business friends here. Our business people who are listeners and I appreciate every last one of you. We’re going to talk about something that really is going to affect them and probably already has to some degree as well as our home users because ransomware is the type of thing that doesn’t care who it’s going after. There’s really 2 major categories of this stuff. There’s one category that’s like throwing out a big fat net. And that’s called phishing. So they’ll send an email out to any email address they can find. They’ll pretend they’re like Bank of America, some big bank, some big company, and they’ll try and get you to do something. Click on something. Download some software ultimately. And once that’s happened now, encrypt your computers and then they’ll hold your computer ransom. Ok? So it’s really, really bad for an individual because an individual typically doesn’t have backups. An individual can’t afford to pay the ransoms. An individual can’t even figure out sometimes what has really happened. And think about your home computer for a sec. You’ve got all of those pictures of your kids growing up, of your grandkids, of your family vacations. They’re on that computer. That’s very, very valuable to you. In fact, some of these guys and gals that have been doing ransomware have found people will pay more for their personal pictures, their personal family history, if you will, than they will for recovering financial information, financial data because, of course, you can always get the financial stuff back. It might take you months’ arrears, in some cases, to clear everything up. But you always can clear it. You cannot get back those pictures.


So it’s a really big deal for end users. So make sure you continue to listen. But the same thing applies here for businesses. Think about what matters on your computers and business. You’ve got your intellectual property, right? How your processes work? Who the people are that are your vendors? Who are your customers, your sales people? Who they’re communicating with? Where in the sales process everyone’s at? Where the proposals are? What you’ve been proposing? All of your contracts. All of your agreements. Your production schedules coming up. All of your shipping schedules. What distributors you’re dealing with? Just think about that for a minute. That is a lot, even for a small business. Every small business has almost all of the things I just listed and bigger businesses have more and they have more of it.


So the bad guys are trying to get you. So the other type of phishing attack, I mentioned just the general phishing is called spear phishing. And we talked a little bit about that the other day when we were talking about the FBI in this whole IRS scam that’s going on right now with businesses and business email where they’re trying to do a compromise or trying to get the information. They’re trying to steal your money from your business, right? They’re trying to do bad things to you and they do it by figuring out information about your company. Who are your employees? Who are your high-level employees? Who are your financial people? Who are your HR people? Those are the ones they’re going after right now when it comes to the IRS scams.


So your financial people they’ll send an email to, pretending they’re the CEO or some high-level manager saying hey, send me all the W-2s etcetera. So they’ve got some information about you. That’s a spear phishing attack. They’re going specifically after you. Specifically after the financial person, the HR person. So those are the two major types. So let’s talk about the revenue they generate. The international authorities just arrested a group of these spear phishers who were using ransomware. And they were making about $150,000 a day doing ransomware. Now they were caught, I’m thinking last numbers I saw almost none of them are caught, but we’re getting wiser to it and the government is trying to cooperate.


So ransomware is a very, very big deal. And that ransomware money a hundred and fifty grand a day really gets people excited, right? Yay! Huge, huge revenues for criminals. So these attacks are expected to continue to intensify both in the number of attacks going on and in the sophistication of the attacks. And again here’s another thing I should, I should write about tonight. I’ve already done some notes and we’ll see how it goes here. Let me know if this is something you think would be of interest and I’ll be sure to let you in on it. But let’s talk about the recommendations here. These are recommendations as I said from the Gartner Group. Very smart people. They know what’s going on. They’ve done a lot of studies on this whole problem. It boils down to 5 things that we’ll touch on briefly here and I definitely am going to do… we’ll do a webinar something for our business listeners so that you guys can find out a little bit more. We’ll go in depth. In fact, I spoke a lot about this at two different conferences. I was a keynote speaker here like a couple months ago. And I spoke a ton about it coz it is such a big deal. And if you have an organization you’d like me to speak at let me know. I’ll be glad to do that.


Okay, so here we go. Number 1, make sure that your organization, coz remember they’re not just going after businesses. They’re going after nonprofits. They’re going after towns, municipalities, police departments. And the list goes on and on. Make sure your organization has a single dedicated crisis management team. So when something happens, who are the members of the team? That they’re going to deal with it. And that’s really, that’s our first point and that’s probably one of the most important points. Okay?


Now, next one, make sure that your entire organization has an endpoint backup product. Now an end-point backup product is something that runs on each one of your computers and backs them up. So every laptop, every desktop, every server. So every one of them needs to be backed up. Now that doesn’t mean that you have to have an external little backup drive and little backup software for every computer. In fact you probably don’t want that. If you’re a slightly bigger organization that’s impossible to monitor. And we found that true, to be very, very true on the Apple side. People just can’t monitor the Apple systems. Making sure they’re getting backed up. We ended up at Mainstream. We developed a product just to monitor to make sure the backups are happening, that let people know when they haven’t happened within, you know, a certain period of time. So you’ve got to have an endpoint backup product and protect everything. All your work stations, all your devices.


The third point here, build a list of storage locations that users can connect to, that are inherently vulnerable. So think about your user community. There is a lot of IT, a lot of information technology in use today in our businesses that does not go through the Information Technology department. Think about what people are using. Are you using Microsoft Office 365? Are you using Box or Dropbox? And by the way we… I’m a reseller of both and Dropbox, wow. They’ve really done some amazing things recently for businesses. I really like what they’re doing. Think about the sales guys. Are they using How about your accounting people? Are they using QuickBooks online or some other accounting software? Think about all of those places. Think about that now, those are outside your business, think about inside your business. What kind of file shares do you have? Do you have an exchange server? And if that exchange server is hacked, we gotta know about that. But first get a list of all of those storage locations so that you can examine it.


Point 4, evaluate the impact to your business. If some or all of your data was encrypted, what would happen if one computer, for instance, was no longer accessible? Look at it that way. If that computer, the hard drive crashed, it was lost and you know what nowadays, frankly, ransomware may be a higher risk than even a hard drive crash. There’s a lot of attempts going on. Thank goodness it doesn’t get through every time. But what would happen to your business here if your data was encrypted? So going back to the list we just made. If you have file shares on your server, your storage server, and one of those is encrypted, are your people going to be able to work? Are you going to be able to ship your products? Are you going to be able to even contact your customers to let them know that your products aren’t coming because those customer records are maintained on the system that was using that file share? Ok. This is a very, very big deal. A very, very big deal.


You need to adjust what are called Recovery Point Objectives. RPOs. You have to adjust those so that any of your data that’s of a higher value and of a higher risk gets backed up more frequently. Ok? I think that makes pretty much sense. Now you also want to, point number 5, align with information security, your IT disaster recovery and your network teams so that you have a unified incident response that focuses on resiliency as well as prevention because no matter how good the prevention is something can and will get through. We see it all the time. It’s called zero-day attacks. The NSA, our National Security Agency, relies on the zero-day attacks to hack our enemies and to hack other people as well. These are used all of the time and they’re being used more and more in ransomware attacks. Zero-day attacks. So you can’t always prevent them.


Now as I’ve said before and I keep bringing up my company Mainstream, I think we’re a pretty good example here. We are the leading company in the nation right now for providing security. That’s almost 100%. It’s incredible what we’re able to do using some of the absolute best tools out there. From Cisco. From many others. We have a 200-person just incident response team that is constantly looking at hacks that are underway. The email attacks, everything. It’s just phenomenal. Even with a team like this you’re not one hundred percent. Even with the types of firewalls we have, the next-generation firewalls that are actually looking inside the data packets, reconnecting everything, reconfiguring everything. Even with that it’ll still get through. So that’s why you have to focus on resiliency. So if you lose this critical component, what are you going to do and how are you going to recover?


Lots of great information here. You can find some of it on my website, Make sure you get on my mailing list. I’ll let you know when I have some of these little mini books done on these different topics we talked about on the dailies because we’ve had a lot of interest. You can also text me with any questions directly, 855-385-5553. I totally appreciate you guys being with us. I love it and I love hearing from you as well. Hope you have a great day and a great weekend. Tune in this weekend. If you just text my name, Craig, to my number, my text number, I’ll know that you want to be on my insiders’ list and I will send you out a text with the link so you can listen to my live show on Saturday anywhere in the world. Again, just text Craig to 855-385-5553 and we’ll talk on Monday with another Daily. A little sanity check does everybody good. Take care. Bye bye.



Thanks, everyone, for listening and sharing our podcasts. We’re really hitting it out of the park. This will be a great year!