How the cloud neutralises the threat of ransomware

David Walker

The aim of ransomware is simple: to disrupt people’s lives and businesses, and make a profit. Once on your computer network, this malicious software encrypts all your files. Like the holder of a coded message, you will be able to read your encrypted files again only when you get the key. The criminals who created the ransomware will sell you that key, for a price.

IT experts are seeing ransomware programs with names like WannaCry, Petya and CryptoLocker. Technology expert David Markus says his Melbourne IT consultancy, Combo, has seen a case per week over the past year. One client recognised that a server in his system was vulnerable, but didn’t move to protect it in time, Markus says. The client ultimately agreed to pay ransomware creators $7,000 for the key. Luckily it worked; some don’t.

Keeping data safe requires techniques which you may never have had to use before – particularly for backup. Using Xero will also ensure that critical client data is not threatened by ransomware. 

Taking refuge in the cloud

Xero backs up your data throughout the day, every day, and stores it in multiple secure locations, in the “cloud.” The data is encrypted using industry-standard encryption and multiple layers of firewalls are in place. All access to Xero’s data centres and servers is controlled and monitored 24/7. Xero also performs regular security audits.

These are good reasons to ensure all of your accounting and bookkeeping clients' relevant files are stored within Xero. Furthermore, Xero provides two-step authentication to better protect your account. Access requires your password plus a unique code generated by an app on your smartphone.

Data outside

You will likely also have a great deal of data that’s not in a cloud-only system like Xero – data that lives on your internal networks, such as instruction manuals and copies of your logo.

To protect this data from ransomware, there are two common approaches.

Option 1: A full versioned backup to a disconnected disk
This means backing up your files and data daily to an offsite repository. In the gold-standard version of this system, the offsite copy is a “versioned backup” that can restore your files to whatever state they were in at various points in the past.

This can require someone to physically take disk drives or thumb drives home with them and swap them around according to a regular schedule. That means the system relies on a disciplined staffer. As David Markus wryly notes, “businesses that have a manual process for backup are only one HR change away from having no backup at all”.

Option 2: A full versioned backup online
Many firms offer to automatically back up all your files over the Internet, encrypting them and discouraging hackers from reaching information owned by you or your clients. PCMagazine evaluated 10 dedicated backup services in July 2017 and ranked several as Editors’ Choices.

Basic online storage systems like Google Drive or Microsoft OneDrive can also keep online files synced to your local versions. But when ransomware hits the local versions, the syncing system will probably ensure that the online versions get encrypted too. Only rarely do these basic online storage systems allow you to automatically restore all of your files to a specified point in time. If the online service does keep earlier versions, you may have to restore tens of thousands of files manually, file by file. Combo’s David Markus is one who warns against using ordinary cloud-storage systems for backup.
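The difference between a synced copy and a versioned backup, as an added example that is not part of the original article or any vendor's code. The function names, the integer timestamps and the sample file are assumptions made for illustration.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

def snapshot(src: Path, store: Path, stamp: int) -> None:
    """Versioned backup: record src as it is at `stamp`; never overwrite old versions."""
    blobs = store / "blobs"
    blobs.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for f in sorted(p for p in src.rglob("*") if p.is_file()):
        data = f.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        if not (blobs / digest).exists():      # identical content is stored once
            (blobs / digest).write_bytes(data)
        manifest[f.relative_to(src).as_posix()] = digest
    (store / f"manifest-{stamp:010d}.json").write_text(json.dumps(manifest))

def restore(store: Path, dest: Path, as_of: int) -> int:
    """Rebuild dest from the newest snapshot taken at or before `as_of`."""
    stamps = sorted(int(m.stem.split("-")[1]) for m in store.glob("manifest-*.json"))
    usable = [s for s in stamps if s <= as_of]
    if not usable:
        raise LookupError("no snapshot at or before the requested time")
    manifest = json.loads((store / f"manifest-{usable[-1]:010d}.json").read_text())
    for rel, digest in manifest.items():
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(store / "blobs" / digest, target)
    return usable[-1]

def mirror(src: Path, dest: Path) -> None:
    """Plain sync or mirror: dest always becomes a copy of the current src."""
    shutil.rmtree(dest, ignore_errors=True)
    shutil.copytree(src, dest)

def demo() -> dict:
    root = Path(tempfile.mkdtemp())
    work, mir, store, out = (root / n for n in ("work", "mirror", "store", "restored"))
    work.mkdir()
    (work / "manual.txt").write_text("instruction manual v1")  # constructed sample file
    snapshot(work, store, 1)
    mirror(work, mir)
    # Constructed stand-in for an attack: the file's contents become unreadable bytes.
    (work / "manual.txt").write_bytes(b"\x00" * 16)
    snapshot(work, store, 2)   # the scheduled backups run again after the damage
    mirror(work, mir)
    used = restore(store, out, as_of=1)
    return {"mirror": (mir / "manual.txt").read_bytes(),
            "restored": (out / "manual.txt").read_text(), "snapshot": used}
```

The mirror ends up holding only the damaged bytes, while the versioned store can still return the file as it was at time 1. This only helps if the store itself sits somewhere the affected machine cannot write to.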

Two options to avoid
Many small businesses skip the versioned offsite backup in favour of a local mirrored copy. Both of these strategies are vulnerable to ransomware. As long as your backups are on the network and are addressable by Windows, ransomware can probably get to them.

Some final thoughts

How important is protection against ransomware? Important enough that the Australian Signals Directorate lists ransomware as its second-biggest cybersecurity threat. The small business data-security expert CERT Australia recommends:

Training staff to check links before they click on them.

Keeping your Windows or other operating system versions patched.

Limiting the number of users with administrative privileges.

Using multifactor authentication for critical systems.

Using strong passwords or, better still, passphrases.

A well-structured backup plan has always been important, but it’s never been more vital.


Important note: All information is current as of late July 2017. This article is designed to promote general awareness of the issue discussed. Users should conduct further research and/or consult an information technology expert to determine which specific solution best meets their needs.

