A new category of malware is called ransomware because it holds your files for ransom. And it doesn’t matter if you’re on a Windows or Mac computer. Some ransomware encrypts files and some only locks files. In either case, you can't get to your data unless you pay a fee, which may or may not work. Protecting from such malware and having a plan in case an infection gets through to data is essential for every church.
We recommend a multilayered protection plan that runs on your church’s email system, at your church’s firewall, on your church’s servers, and on your church’s computers. Specifically:
- Protection for your email. Most malware is distributed via email. Believe it or not, about 85 percent of all email is spam, and a lot of spam has a goal of infecting your computer. A lot of spam also tries to phish for information to steal your identity.
Most consumer-oriented email services (like Gmail) filter out a lot of the spam that comes into their system. But corporations that have their own email servers (like Exchange) need to have a good spam filtering solution in place to protect their system's users. We strongly recommend that you check to be certain your email is being filtered to remove obvious spam.
- Protection at your firewall. The second most popular malware distribution method is via infected websites. If a webhost hasn't done its due diligence to protect those visiting the websites it hosts, then malware can be injected into otherwise legitimate websites and infect those visiting them.
It is important, then, to have a firewall that monitors all incoming web traffic to stop malware from infected websites, in addition to stopping other threats like hackers and bots.
- Protection for your computers. All desktop and notebook computers are at risk if something gets through those first two lines of defense. Notebooks are especially vulnerable because of their mobile nature, since they connect to the Internet when off-site and not under the protection of your firewall. Tablets are also more vulnerable if they have data storage ability (probably not iOS devices since their filing system is inaccessible).
We recommend installing anti-malware on every Windows and Mac computer (Macs, too? you ask. Yes. Though it is true that most malware is not able to exploit Macs. Some can, but they’re a small percentage. The greater concern is that Macs can become ‘carriers’ that can pass malware and other threats on to servers or other machines).
- Protection for your servers. If something gets through your spam filter or firewall, your servers need to be protected. Every file that gets written to their hard drives should be scanned to ensure malware protection at that level.
Don't Forget Backups
One of the most important functions in IT is the protection of data and systems. If there’s a problem, there needs to be a way to get completely back up and running as quickly as possible. Backups are an essential piece of disaster recovery and business continuity strategies.
MBS did some fairly heavy research not too long ago on the subject of backup systems. Here's what we learned:
- Large networks rely on SAN devices (Storage Area Networks) in larger onsite and offsite datacenters, and their replication capabilities make backups unnecessary. Those devices typically cost a minimum of $25,000 to $30,000 each, and larger units cost six figures. (Some people try to accomplish SANs on the cheap using Drobo and Buffalo drives, but they're unreliable; in our opinion they're not enterprise grade.) For our largest clients we recommend using SAN devices.
- Online backup is good for restoring single files or folders, but is inadequate for restoring entire servers in a disaster. And disaster recovery is something that must be planned for. This is the strategy we only recommend for home computers.
- External hard drives seem like a good idea except that they have many moving parts that, when transported offsite (which should happen often as part of the disaster recovery plan), can—and often do—fail. The manufacturers will replace them under warranty, but without any data on them, this isn’t good for a disaster recovery scenario. We never recommend this strategy.
- Tape technology continues to move forward in development. Our clients typically only need LTO5 or LTO6 (Linear Tape-Open) specs (1.5-terabyte and 2.5-terabyte native capacities). Among the many backup options, we found that tape was still preferred by most of corporate America that had small-to-medium sized networks.
With the introduction of ransomware, malware has taken a new direction recently that, if you’re not protected, could cost you all of your data and a bit of money. If you determine that your system is vulnerable, the fixes are reasonable in cost and fairly quick to implement.
Nick B. Nicholaou is president of Ministry Business Services, Inc. This post is adapted from Nicholaou's original article "Protection from Ransomware" (Christian Computing Magazine). Used with permission. All rights reserved.
This content is designed to provide accurate and authoritative information in regard to the subject matter covered. It is published with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If legal advice or other expert assistance is required, the services of a competent professional person should be sought. "From a Declaration of Principles jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations."
Due to the nature of the U.S. legal system, laws and regulations constantly change. The editors encourage readers to carefully search the site for all content related to the topic of interest and consult qualified local counsel to verify the status of specific statutes, laws, regulations, and precedential court holdings.