Ransomware Attacks are Preventable: Are HVAC IT Networks Secure Enough?
Keeping the HVAC business’s IT infrastructure and software up to date is necessary, but one PC running an older, unsupported version of Windows can be “a chink in the defensive armor” that invites intrusion.
So, the fight against ransomware begins with a companywide process to ensure all machines are patched with the latest security updates from Microsoft and other applications.
Next, defending critical HVAC business processes from attack goes beyond simple anti-virus
protection that solely reacts to known threats.
“We recommend a new generation of advanced antivirus software that does not always depend on identifying known threats or ‘signatures.’ Instead, such software uses artificial intelligence to analyze which PC programs and processes are affected and as soon malicious activity is detected, stops it,” explains Yuriy Tatarintsev, Manager, Technical Operations at BTI Communications Group, an IT cybersecurity and technology convergence provider that services clients nationwide.
Email security is also of critical importance because insufficient precaution is a leading cause of companies getting ensnared in ransomware.
“Statistically most HVAC companies acquire ransomware when an employee receives a suspicious email that seems legitimate and clicks on an embedded link. This starts the ransomware attack, which spreads throughout the company network,” says Tatarintsev.
To protect against this hazard, Tatarintsev recommends that HVAC businesses use advanced email spam protection tools that offer significantly more defensive capability than earlier, more rudimentary options.
“The advanced tools not only filter out all potentially malicious emails, but also stop users from going to dangerous website destinations by clicking on links that could start a ransomware attack,” he says. He explains that the tools rewrite all the embedded
link Uniform Resource Locators (URLs). So, if a user clicks a URL in an email, instead of
linking to a potentially dangerous website, he or she is redirected to a safe location or ‘sandbox.’ The URL is analyzed to determine if it is dangerous, and if it is safe the user is allowed to go to the original website destination.
Since deceptive “phishing” emails designed to start a ransomware attack can seem like authentic emails, Tatarintsev advises that all HVAC employees receive periodic security awareness training.
If all these defenses fail and ransomware does infect and shut down a HVAC company’s IT network, a reliable back up system should be in place that can quickly restore all critical data. However, unless the backups are virtually continuous a day or even a week or more of data could be lost.
As an alternative, an increasing number of HVAC businesses are cost-effectively protecting against ransomware by outsourcing to professional, third-party firms like BTI Communications Group that remotely and continually provide layers of protection with a comprehensive, integrated IT approach.
This strategy can continually deter and detect threats as well as resolve vulnerabilities. Additionally, this eliminates the need to dedicate internal IT staff to these types of tasks.
It also minimizes potential loss and even liability if serious harm were to be caused by disrupted company services.
With the menace of ransomware continuing to escalate, HVAC businesses of all sizes would be wise to examine options for deterring the threat before being victimized.