Editor's note: Greg Bangs is a vice president at Chubb.

Cybercrimes can cause significant financial harm. And just when companies think they've considered all the ways to mitigate cyber exposure, savvy online criminals create new ways to hack into systems.

Recently, cyber criminals have moved beyond stealing employee information or company credit card numbers. Instead, they've turned to a prize that they consider bigger and better: proprietary documents housed on company computers.

CryptoLocker is sophisticated malware that uses public-key encryption, a type of cryptographic system. The system works by creating a pair of keys: one public and one private. The public key is used to encrypt the information, and then the private key of the same pair, known only to the recipient, is used to decrypt it. At its origins, this cryptographic system is the antithesis of malware; it provides increased security because parties can encrypt and decrypt messages without having to share passwords.


CryptoLocker doesn't discriminate; companies large and small are at risk. Cyber threats pose a great deal of bottom-line risk to a company, from intellectual property concerns to reputational damage. The lack of a comprehensive and swift response to a CryptoLocker breach can be crippling, and thus necessitates a proactive mitigation approach that can minimize post-attack damage control.

In the case of CryptoLocker, cyber criminals have capitalized on the idea of using a private key to penetrate company systems.

Infiltration begins when a cyber criminal sends what appears to be a legitimate email with an attachment to an employee. When the employee opens the attachment, they unknowingly release the CryptoLocker virus into their computer—and potentially into the wider network. All stored files are immediately held hostage (encrypted) by public key cryptography. The only way to regain access to the files is to pay a ransom in a digital currency or stored value debit card to the hacker, who will then provide the private key necessary for decryption.


This fairly simple concept is proving lucrative to cyber criminals. According to Dell SecureWorks, criminals collected more than $30 million in ransom in less than 100 days. Typically, the ransom is only a few thousand dollars, which, for now, seems to be a palatable price to pay for companies to free their information. A 2014 survey conducted by the Interdisciplinary Research Centre in Cyber Security at the University of Kent identified that just under half, or 41%, of those infected paid the ransom.

Battling cyber criminals isn't easy, but it's not impossible. There are a variety of ways business owners and IT professionals can bolster their cyber defenses:

  • Improve interdepartmental communications: Infected emails are frequently disguised as legitimate FedEx or UPS tracking notices. Before opening attachments, employees should verify shipments with the distribution department to ensure authenticity. If the shipping department has no records on file, employees should delete the email and notify IT.
  • Routinely back up computers: Although backing up a computer is always critical, it's also important to use the right type of system to do so. A "hot" backup system allows users to work in the network while files are being continuously updated; however, as the system automatically saves files, it risks backing up encrypted documents. A "cold" system operates when employees are offline, typically during overnight hours. Because employees are offline, the likelihood of an encrypted file being backed up is minimized. Many company computers follow standard company-wide backup protocols, and an employee may not have the option to choose a cold system. In this case, ensure that the versioning function of the hot system, which directs the system to save several copies of the same file, is turned on. This helps prevent file loss because an encrypted file will be saved alongside its clean version, rather than replacing the clean document with the encrypted copy.
  • Build from the ground up: A carefully designed security system implemented early on is better than a system that is designed in response to a cyber breach. As companies are often primarily focused on business efficiencies and not security, involving an outside security professional when designing the IT infrastructure can help ensure companies are protected from end to end.
  • Go with your gut: In the event of a breach, there are also a variety of steps companies can take before making the decision to pay the ransom. While many CryptoLocker attacks will warn employees not to go offline, shutting down an infected computer can sometimes be the most effective means of halting the virus' replication process. While some files will still be encrypted, if you can shut down and unplug in time, you can often prevent the virus from entering other network-affiliated computers.
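
An added sketch of the versioning behaviour described under "Routinely back up computers" (not code from the article or from any backup product): each changed file is stored as a new version instead of overwriting the last one, and a jump from ordinary to near-random content is flagged. The function names, retention depth and entropy threshold are assumptions made for the example.

```python
import math
from collections import Counter
from pathlib import Path
from typing import Optional

KEEP_VERSIONS = 5    # assumed retention depth per file
ENTROPY_ALERT = 7.5  # assumed threshold in bits/byte; encrypted data approaches 8.0


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def backup(src: Path, store: Path) -> dict:
    """Save src as a new version under store/<name>/; older versions are kept."""
    vdir = store / src.name
    vdir.mkdir(parents=True, exist_ok=True)
    versions = sorted(vdir.iterdir())
    data = src.read_bytes()
    prev = versions[-1].read_bytes() if versions else None
    if prev == data:  # unchanged since the last run, nothing to store
        return {"saved": False, "suspicious": False, "versions": len(versions)}
    # Ordinary content replaced by near-random bytes is what mass encryption looks like.
    # Compressed formats (zip, jpg) are also high-entropy, so this is a flag, not proof.
    suspicious = (prev is not None and entropy(prev) < ENTROPY_ALERT
                  and entropy(data) >= ENTROPY_ALERT)
    seq = int(versions[-1].stem) + 1 if versions else 1
    (vdir / f"{seq:06d}.bak").write_bytes(data)
    versions = sorted(vdir.iterdir())
    if not suspicious:  # never prune while the newest copy looks encrypted
        for old in versions[:-KEEP_VERSIONS]:
            old.unlink()
        versions = versions[-KEEP_VERSIONS:]
    return {"saved": True, "suspicious": suspicious, "versions": len(versions)}


def latest_clean(store: Path, name: str) -> Optional[Path]:
    """Newest stored version whose content is below the entropy threshold."""
    for version in sorted((store / name).iterdir(), reverse=True):
        if entropy(version.read_bytes()) < ENTROPY_ALERT:
            return version
    return None
```

A `suspicious` result is the point at which a backup job should stop and alert rather than continue rotating versions.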

Even if best practices are in place, preparation and risk mitigation are often not enough to prevent loss in the event of a cyber attack. In times like these, it's important to have a business continuity plan in place. When reviewing insurance policies, make sure your policy has specialized coverage for cyber extortion risks. Such a policy shifts the risks associated with paying ransoms and associated expenses, including additional security consulting, crisis management and public relations costs.
