Cyber security

HAPPY NEW YEAR. Time To Give Your Clients a Ransomware Reality Check

You got through the holidays, and hopefully all your relatives safely departed. Uncle Buck finally went home. Your annual threat of personal and property damage is thwarted and tucked away for another year.

Now it’s time to shore things up at work. There are lots of priorities for 2020, but security for you and your clients should be at the top.

What if one of your clients returned to work today, turned on their computer and were greeted with this —

Happy New Year. Your network was hacked and encrypted.

True story. This happened to one of our clients. They came back from the holidays to find they’d lost 30 years of data due to a cyberattack. They had no way to bill; no data history; and, no supporting documentation. They had to comb through their Outlook calendars to recreate billing just to keep the doors open.

What would you do to help them? Do you have a plan?

Downtime for most businesses who fall prey to ransomware is often more costly than the attack itself. While we had our client up and running in a skeletal format in just a few days with Microsoft Dynamics 365 Business Central and Progressus, business closure and “dark days” caused by the attack were the real threat to their livelihood.

For most businesses, it takes at least a week to recover from a malware attack. Some take longer. Baltimore City Government was hit by ransomware in 2019, and it took over a month to recover with an estimated economic impact of $18 million dollars. FedEx reported a $300 million dollar loss from system downtime and disaster recovery efforts due to ransomware last year (  Don’t let the stats on large organizations give you a false sense of security. Ransomware attacks are size neutral.  They can attack any business, of any size.

Preventing Ransomware Attacks

Take Stock

We are seeing an alarming increase in the number of clients who are not adequately maintaining their on-premises systems and security software, which make them a prime target. The real and perceived costs to a person and property over the holidays is nothing compared to what a malware invasion does to your company.

The more you’re aware of cybersecurity threats and the more you’re prepared, the less your client is at risk for the Uncle Bucks of the digital world, and the greater your returns and guarantee for safe business practices now and in the future.

System Update — On-premises or the Cloud?

Have your clients delayed updating their on-prem server? If they are relying on outdated systems and have been putting off modernizing their mode of operations, then they are betting on the wrong horse and rendering their company vulnerable to an attack.

A few factors to consider:

With the upcoming end of life for Windows 7 and Windows Service 2008 R2 support, they will become more vulnerable to security risks and viruses, as they will no longer receive software updates —including security —from Microsoft. If this describes your client, they should be considering an upgrade to their Windows operating system, consider purchasing Extended Security Updates for the operating system, or take advantage of moving to Azure to continue getting free security updates.

Recently a prospect came to us with a dilemma: “Keep on-prem or go to the cloud?” I am sure you have heard the same.

Ultimately, our now client chose the CLOUD. The driving factors were security and the ultimate costs of would-be maintenance and upkeep on new on-prem servers. On-premises servers can quickly become obsolete, and eventually the cost of maintaining or refreshing these systems may outgrow any real or perceived benefit. Do a pro/con list for your clients. It’s a quick exercise to see that the costs of maintaining the on-prem option may be far bigger than any real or perceived benefit.

In this case, our client estimated more than $60,000 in new hardware, $20,000 in new software for that hardware, and more than $100,000 for the Senior IT person who would be responsible for ongoing care and feeding – including full accountability for staying current within a constantly evolving security landscape. This is in addition to an ongoing operating cost for upgrading the server room, A/C and flooring, and power needs.  It would have cost them $200K to stay with old technology.

With the move to the cloud, it eliminated all of the above, and the IT person already on staff was able to evolve their skills with minimal training, and provide new capabilities to their end users with minimal support. By offering and implementing cloud technologies your clients benefit from improved reliability, security, and scalability, as well as innovating with new business services.

Help Them Consider the Cost (The real cost of ransomware)

Nothing hurts quite like harm caused by digital invasion or exposure —it’s an invisible and costly enemy of enterprise. The threat (and cost) of ransomware is real and increasing for companies of every shape and size.

Attacks are on the rise, and costs are climbing. According to, in 2019 ransomware attacks averaged every 14 seconds. By 2021, the speed of invasion is projected to be every 11 seconds. Estimates from ransomware recovery costs exceeded eight billion in 2018, and companies of all sizes were affected. New ransomware variant payments are increasing and have gone from a $10,000 average to $288,000 per incident.

Ransomware doesn’t discriminate. It’s malicious software that invades computer networks of all sizes and holds your client’s data hostage through encryption or other methods until ransom is paid; usually through cryptocurrency such as Bitware. If your clients think they are too small or out of the scope of the attacks, you should be telling them to think again.

Security Solution Starter Setup

While, the data is sobering, there are mechanisms you can help them utilize and deploy. For example, if your clients are using an updated version of Microsoft Office, then they already have access to a few tools for protection against unwanted guests or malware invaders.

If they don’t yet have a recent version of Microsoft Office, then you should be discussing the security benefit from upgrading as another reason to weigh the investment earlier rather than later.

The Microsoft Cloud platform offers built-in security:  Microsoft Office 365 and Microsoft Dynamics 365 both have ransomware versioning and built-in protections. Onedrive for BusinessSharePoint Online and Teams, which are part of the Microsoft Office solution have versioning and built-in ransomware protection for corporate shares. If they are supported by the cloud, then updates are ongoing and seamless.

In addition, Azure offers a back-up plan for off-site protection. By moving your workload to Azure, it takes just minutes to recover from a cyberattack like ransomware.

No matter where they stand on business software – on-premises or cloud – there are security solutions. Knowing your company’s secure score is your first step.  With that, you can help them configure what’s right their company’s scale and scope.

Resolve to help your client with their security needs this year. We’ll show you how. Contact us today.

Best Regards,

Keith Goedde

About Keith

Keith leads the Velosio Cloud Practice consulting with clients on their Cloud Transformation strategies and ensuring the scalability, security, and operations of the Velosio Stratos Cloud.