Member Article

Does the cloud hold the solution to ransomware attacks?

It’s the message currently most feared by corporates and individuals alike: “Attention!! All your files have been encrypted!”. One expert industry source suggests that last year, ransomware attacks on business increased three-fold, to the equivalent of an attack every 40 seconds. The most common form of attack involves the encryption of data on the user’s computer, and the poor victim is left with little option but to pay up to get it decrypted. Even then, there is no certainty this will happen.

While diligent off-machine backups are the best approach to safeguarding important files, avoiding local storage altogether - by storing data in the cloud - can be highly effective.

However, many businesses are not ready to implement enterprise-wide cloud solutions, and especially for smaller enterprises, the effort may not seem worthwhile. One alternative that is increasingly popular is to use a cloud product for specific applications such as Purchase Order and Purchase to Pay or personnel records management solutions. This allows secure access to operational files and data from anywhere in the world, making business on the move a practical proposition.

So is cloud storage the simple answer to the ransomware epidemic? Data centres by their nature avoid the usual pitfalls and insecurities of out of date operating systems, but how can a corporate user know that their cloud product is secure? Due diligence is required in selecting a solution. Ideally the server holding the data should be UK based and based on a Private Cloud system. It should have a reliable back up regime to the main data centres for resilience, and have undergone rigorous penetration testing to approved standards.

Cloud B2B Solutions, for example, has a suite of products based on private cloud hosting in a highly secure UK data centre, backed up every day to Azure for resilience. The products include a simple to use electronic Purchase Order system that stores no data locally, accessing it via a secure cloud interface as required. The package has undergone penetration testing to CREST and TigerScheme standards, and meets the requirements of the UK Cyber Essentials scheme. The company also supplies HR online for single or multi-site operations and plans further online products later this year for contracts management and expenses management.

The threat from malware of all kinds will undoubtedly increase, and switched on businesses need to use all their intelligence to stay ahead of the bad guys.

This was posted in Bdaily's Members' News section by Terry Nicklin .