Architecture Firms Under Threat of Ransomware Attacks
Now that offices have shut down across the country due to the coronavirus pandemic and companies are scrambling to get everyone back on track offsite, it’s no surprise that malign actors would try to take advantage of that chaos. “We’ve seen two to three times the usual number of breaches, most frequently ransomware attacks, in the last two weeks,” says Robert Rosenzweig, national cyber risk practice leader at Risk Strategies, a large national insurance brokerage. The threats are corroborated by architecture firms that have spoken to RECORD. “At this time, we are seeing a significant spike in phishing and cyber-attack activity,” says Greg Fait, director of enterprise infrastructure at Perkins and Will.
Ransomware attacks, in which a company’s data is encrypted and held hostage for ransom—costing professional services companies an average of $168,000 in 2018—have become more common as all industries become increasingly reliant on technology. “Bad actors can extort any business by cutting off their life blood,” says Rosenzweig. In the past, companies like Equifax were prime targets for their troves of personal data, which could be sold on the black market; today, healthcare and professional services are the top two business sectors targeted by ransomware attacks, according to a recent analysis of 478 claims. In the case of professional services firms, which include architecture practices, the companies have their own data to keep secure, but also that of their clients.
To guard against disaster, IT experts recommend some basic strategies. The most straightforward one is to back up files regularly and take them off the network. “Once a week, make a copy of all your files on a USB drive, take it home and set it on a shelf,” says Joe Popper, COO of San Francisco-based managed services provider MicroMenders, which functions as an outsourced IT department to clients that include several architecture firms. “If you have a backup that is isolated from the network, you can always recover from that.” Alternatively, Perkins and Will uses a file system service called Nasuni that stores backups in the cloud, which can be easily retrieved in the case of a ransomware attack.
In terms of securing the IT infrastructure itself, steps include putting software restrictions on company computers to keep malware from being installed, and making sure they have up-to-date antivirus software. One worrisome issue is that in the rush to work from home, safeguarding and/or limiting access by home computers may have been overlooked. In addition, Popper encourages his clients to require multifactor authentication to log on to the network, and purchase cyber insurance, which is relatively inexpensive compared to professional liability insurance.
Staff awareness is yet another fundamental defense. Phishing, in which users are typically prompted to click on a link or attachment in a seemingly legitimate email, is the most common method hackers use to infiltrate a network. In response, phishing/malware training programs have been developed to sensitize users to the danger. According to Perkins and Will’s Fait, the company has conducted such training in the past—and, given the circumstances, is doubling down by rolling out a refresher session to all 2,600-plus staff in its 26 studios this week.