Cybercrimes can cause significant financial harm. And just when companies think they've considered all the ways to mitigate cyber exposure, savvy online criminals create new ways to hack into systems.

Recently, cyber criminals have moved beyond stealing employee information or company credit card numbers. Instead, they've turned to a prize that they consider bigger and better: proprietary documents housed on company computers.

CryptoLocker is sophisticated malware that uses public-key encryption, a type of cryptographic system. The system works by creating a pair of keys: one public and one private. The public key is used to encrypt the information, and the private key of the same pair, known only to the recipient, is used to decrypt it. At its origins, this cryptographic system is the antithesis of malware; it provides increased security because parties can encrypt and decrypt messages without having to share passwords.

CryptoLocker doesn't discriminate; companies large and small are at risk. Cyber threats pose a great deal of bottom-line risk to a company, from intellectual property concerns to reputational damage. The lack of a comprehensive and swift response to a CryptoLocker breach can be crippling and thus necessitates a proactive mitigation approach that can minimize post-attack damage control.

In the case of CryptoLocker, cyber criminals have capitalized on the idea of using a private key to penetrate company systems.

Infiltration begins when a cyber criminal sends what appears to be a legitimate email with an attachment to an employee. When the employee opens the attachment, they unknowingly release the CryptoLocker virus into their computer—and potentially into the wider network. All stored files are immediately held hostage (encrypted) by public key cryptography. The only way to regain access to the files is to pay a ransom in a digital currency or stored value debit card to the hacker, who will then provide the private key necessary for decryption.

This fairly simple concept is proving lucrative to cyber criminals. According to Dell SecureWorks, criminals collected more than $30 million in ransom in less than 100 days. Typically, the ransom is only a few thousand dollars, which, for now, seems to be a palatable price to pay for companies to free their information. A 2014 survey conducted by the Interdisciplinary Research Centre in Cyber Security at the University of Kent identified that just under half, or 41 percent, of those infected paid the ransom.

Battling cyber criminals isn't easy, but it's not impossible. There are a variety of ways business owners and IT professionals can bolster their cyber defenses:

  • Improve interdepartmental communications: Infected emails are frequently disguised as legitimate FedEx or UPS tracking notices. Before opening attachments, employees should verify shipments with the distribution department to ensure authenticity. If the shipping department has no records on file, employees should delete the email and notify IT.

  • Routinely back up computers: Although backing up a computer is always critical, it's also important to use the right type of system to do so. A “hot” backup system allows users to work in the network while files are being continuously updated; however, because the system saves files automatically, it risks backing up encrypted documents. A “cold” system operates when employees are offline, typically during overnight hours. Because employees are offline, the likelihood of an encrypted file being backed up is minimized. Company computers often follow standard company-wide backup protocols, and an employee may not have the option to choose a cold system. In this case, ensure that the versioning function of the hot system, which directs the system to save several copies of the same file, is turned on. This helps prevent file loss because an encrypted file will be saved alongside its clean version, rather than replacing the clean document with the encrypted copy.

  • Build from the ground up: A carefully designed security system implemented early on is better than a system that is designed in response to a cyber breach. As companies are often primarily focused on business efficiencies and not security, involving an outside security professional when designing the IT infrastructure can help ensure companies are protected from end to end.

  • Go with your gut: In the event of a breach, there are also a variety of steps companies can take before making the decision to pay the ransom. While many CryptoLocker attacks will warn employees not to go offline, shutting down an infected computer can sometimes be the most effective means of halting the virus' replication process. While some files will still be encrypted, if you can shut down and unplug in time, you can often prevent the virus from entering other network-affiliated computers.
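
The versioning behaviour described in the backup item above, as an added example that is not part of the original article: a small Python backup routine that stores each changed file as a new numbered version instead of overwriting it, and skips pruning when a file's byte entropy jumps from readable to near-random. The `.vNNNN` naming, the 7.5 bits-per-byte threshold and the `keep` retention count are assumptions chosen for illustration.

```python
import math
import os
import tempfile
from collections import Counter

ENTROPY_ALERT = 7.5  # bits per byte; assumed threshold (ciphertext approaches 8.0)

def shannon_entropy(data: bytes) -> float:
    """Byte-level Shannon entropy: low for text, close to 8 for encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def backup_versioned(src: str, store: str, keep: int = 5) -> dict:
    """Save src as a new numbered version; earlier versions are never overwritten."""
    with open(src, "rb") as fh:
        data = fh.read()
    os.makedirs(store, exist_ok=True)
    prefix = os.path.basename(src) + ".v"
    versions = sorted(f for f in os.listdir(store) if f.startswith(prefix))
    prev = b""
    if versions:
        with open(os.path.join(store, versions[-1]), "rb") as fh:
            prev = fh.read()
        if prev == data:  # unchanged since last run, nothing to store
            return {"stored": None, "suspicious": False}
    # Readable content that suddenly looks random is the encryption signature.
    suspicious = bool(versions) and shannon_entropy(prev) < ENTROPY_ALERT <= shannon_entropy(data)
    number = int(versions[-1][len(prefix):]) + 1 if versions else 1
    stored = f"{prefix}{number:04d}"
    with open(os.path.join(store, stored), "wb") as fh:
        fh.write(data)
    if not suspicious:  # pruning is skipped on an alert so clean copies survive
        for old in versions[:max(0, len(versions) - (keep - 1))]:
            os.remove(os.path.join(store, old))
    return {"stored": stored, "suspicious": suspicious}

def demo() -> dict:
    clean = b"Quarterly forecast, draft 3\n" * 200  # constructed sample document
    with tempfile.TemporaryDirectory() as tmp:
        src, store = os.path.join(tmp, "forecast.txt"), os.path.join(tmp, "store")
        with open(src, "wb") as fh:
            fh.write(clean)
        first = backup_versioned(src, store)
        with open(src, "wb") as fh:
            fh.write(os.urandom(4096))  # random bytes stand in for an encrypted file
        second = backup_versioned(src, store)
        with open(os.path.join(store, "forecast.txt.v0001"), "rb") as fh:
            return {"first": first, "second": second, "clean_kept": fh.read() == clean}
```

Files that are already compressed (ZIP archives, JPEG images) have high entropy before any encryption, so this check does not flag them; for those, the retained versions are the only protection.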

Even if best practices are in place, preparation and risk mitigation are often not enough to prevent loss in the event of a cyber attack. In times like these, it's important to have a business continuity plan in place. When reviewing insurance policies, make sure your policy has specialized coverage for cyber extortion risks. Such a policy shifts the risks associated with paying ransoms and associated expenses, including additional security consulting, crisis management and public relations costs.


© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.