Tim Hortons Hit By Ransomware
The value and reputation of a popular Canadian restaurant chain have been negatively affected by a ransomware attack.
One of Canada’s most popular coffee shop chains, Tim Hortons, was recently hit with a ransomware attack. Although they say that their customer data wasn’t breached, the cyber attack caused many of Tim Hortons’ locations to suffer computer outages. As a result, 1,000 of their shops were affected, and many had to close their doors.
Tim Hortons’ members of the Great White North Franchisee Association asked the head office to compensate them for their losses. A letter from their law firm reports, “The business interruption includes inability to use some or all of the issued cash registers and [point-of-sale] terminals, causing partial and complete store closures, paying employees not to work, lost sales and product spoilage… [the hack] is causing tremendous downward pressure on the value the Tim Hortons brand”.
According to IT experts, small businesses are even more vulnerable to the devastating effects of ransomware than their larger counterparts.
Last year, Datto published a report about ransomware and its devastating effects on small businesses. It revealed that they are extremely vulnerable to ransomware attacks. Ransomware is a malicious computer virus, the threat of which has grown to epidemic proportions. It holds your data hostage until you pay a ransom. As you can see with Tim Hortons’ restaurants, it caused significant downtime, data loss, and financial costs. Plus, it damages the reputation of every business it hits.
Downtime from ransomware costs small businesses an average of around $8,500 an hour.
Security Awareness Training Is the First Step Towards Protection
Hackers work 24/7 to obtain access to your confidential information, and using ransomware is one of the easiest ways for them to do this. It’s easier for them to trick your employees than it is to break into a well-secured IT system.
Ransomware succeeds via phishing attacks, in which employees are convinced to click a malicious link. Once they do, the virus enters their computer and locks down all the data. Good employees make mistakes – if they aren’t properly trained to recognize a cyber threat, your network and business are vulnerable.
Today’s security solutions are no match for ransomware. This is because the criminals get into your system via your employees’ negligence. Malicious emails coupled with a lack of employee cybersecurity training is the leading cause of successful ransomware attacks.
The best way to protect your business from cybercrime is by instituting enterprise-wide Security Awareness Training.
Ask your IT Managed Services Provider (MSP) to conduct regular Security Awareness Training for you and your employees.
Security Awareness Training is a formalized training conducted by IT professionals who are up to date on the latest threats and how to mitigate them. When conducted properly, Security Awareness Training for your employees will reduce the risk to your organization’s information and IT systems and limit the chance of a data breach.
It’s essential to train your employees to recognize phishing emails and know what to do if they receive one. Make sure they know how to avoid common dangers like opening attachments from unknown senders. Every employee should participate in this training. Make sure that your IT provider holds refresher courses, as threats are constantly changing.
1 in 4 of those who pay a ransom never recover their data.
This is why many security organizations urge victims not to pay.
Backup Your Data to a Reliable Source.
A ransomware attack can hold your data hostage and paralyze your business just like it did for Tim Hortons. That’s why having a reliable backup solution both onsite and via the cloud is crucial. Ask your MSP to provide regular onsite backups of your servers and IT assets, and an offsite backup of the same to a secure cloud facility.
Work with your MSP and answer the following questions so they can provide the best backup solution for you:
How critical is the data you store?
This will help your MSP determine when and how it should be backed up.
- For critical data that includes databases, you’ll require a backup plan that extends over a number of time periods.
- For confidential information, your backup data should be physically secure and encrypted.
- For less critical data, an extensive backup plan isn’t required. However, you should still regularly back up your data and ensure it is easily recoverable.
Do you need to back up your backup?
If you use large servers, your MSP should create an image of them so your data can be retrieved immediately. Remember, backups can fail, so it’s important to back up your backup.
Do you test your backups to ensure they are readily recoverable?
No matter how comprehensive your backup plan is, you’ll never know if it actually works unless you test it. Avoid potential backup failures by asking your MSP to regularly test the recoverability of your data backups.
How long can your business survive if your data isn’t available?
It’s important to consider this possibility. It could be a while before your data can be retrieved if it isn’t stored properly. For some, this means weeks without their data. However, your MSP can provide a proper extensive backup solution so that you can retrieve your data within minutes. Time is an extremely important factor.
Every minute of lost productivity will cost you. Not only in terms of money, but in regard to your credible reputation with clients or customers. This is what happened to Tim Hortons.
You should regularly back up your information to the cloud to protect against data or financial loss if you’re hit with ransomware. Just like you need this protection in the event of a power loss, accidental deletion of data, or a disaster that destroys your servers, you need it to protect your business from ransomware attacks.
100% of the MSPs surveyed by Datto believe that if their small-business clients had a backup and disaster recovery (BDR) solution in place, they would have been able to recover their data.
Don’t wait until a ransomware attack locks up your data. Get in touch with a reliable cybersecurity expert today that will equip your business with an effective backup solution.