Commercial Russell Mickler Commercial Russell Mickler

Cryptoviruses are Killing Small Businesses

Cryptoviruses are an increasing threat to small businesses. Recovery from a cryptovirus is very hard if not impossible. But we can plan for an attack and set up reasonable safeguards to protect the business. Here's how!

Cryptoviruses are malicious software programs written to deny a user access to their files. They're usually downloaded as an email attachment. If executed, they search the hard disk for user-generated content (Excel files, Word docs, txt files, PDF files, etc.) and encrypt it; that is to say, the program scrambles the data and makes the files totally worthless.

That's pretty bad. Still, what's worse is that the virus doesn't stop at the files on the local hard disk. It will also encrypt whatever it can on a network file share or an attached USB storage device (like an external hard drive).

When the user tries to open up the content, the virus may even display a message requiring the user to drop money into a PayPal or Bitcoin account as a form of ransom. Further, trying to open up the content may trigger the virus all over again, so that it re-runs encryption on new documents.

Here's the deal: there's virtually no recovery from this and it's really bad juju for the small business. Even local backups against locally-attached USB hard drives will be affected. And it's not like this stuff is going away. These kinds of attacks are only going to increase this year.

Cryptoviruses represent an enormous threat to small businesses because they usually don't have the expertise to recover their files quickly, and, a complete loss of their files is an absolute loss of intellectual property. Hopefully, they won't actually pay ransoms because it only encourages more malicious software, and, they're helping to fund the virus-writers.

The files affected by a cryptovirus will be utterly lost unless:

1. The user has enabled a shadow volume on their Windows computer and/or server with sufficient drive space to go back in time x-number of days prior to the infection. 

2. The user/firm has deployed an online backup product. The online backup product has copies of user files securely on another computer outside the network from which backups can be recovered.

The situation is pretty bad if neither of these options is available to the technician attempting to recover this data.
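
One way to check the first condition above, as an added example that is not part of the original post: a PowerShell audit that reports, for each local fixed volume, how far back its shadow copies reach. The `$RequiredDays` default of 14 is an assumed policy value standing in for the "x-number of days" above.

```powershell
# Added example: report Volume Shadow Copy coverage per local fixed volume.
# Run from an elevated PowerShell prompt on the workstation or file server.
# $RequiredDays is an assumed policy value (the article's "x-number of days").
param([int]$RequiredDays = 14)

$now     = Get-Date
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
$storage = @(Get-CimInstance -ClassName Win32_ShadowStorage)

# DriveType 3 = local fixed disk; volumes without a drive letter are skipped.
$report = Get-CimInstance -ClassName Win32_Volume -Filter 'DriveType = 3' |
    Where-Object { $_.DriveLetter } |
    ForEach-Object {
        $vol = $_
        # Shadow copies reference their source volume by GUID path (DeviceID).
        $snaps = @($shadows | Where-Object { $_.VolumeName -eq $vol.DeviceID } |
            Sort-Object -Property InstallDate)
        $store = $storage | Where-Object { $_.Volume.DeviceID -eq $vol.DeviceID } |
            Select-Object -First 1

        $oldestDays = $null; $newestHours = $null
        if ($snaps.Count -gt 0) {
            $oldestDays  = [int][math]::Floor(($now - $snaps[0].InstallDate).TotalDays)
            $newestHours = [int][math]::Floor(($now - $snaps[-1].InstallDate).TotalHours)
        }

        # The oldest snapshot must be at least $RequiredDays old to roll back that far.
        if ($snaps.Count -eq 0) { $status = 'NO SHADOW COPIES' }
        elseif ($oldestDays -lt $RequiredDays) { $status = 'WINDOW TOO SHORT' }
        else { $status = 'OK' }

        [pscustomobject]@{
            Volume      = $vol.DriveLetter
            Snapshots   = $snaps.Count
            OldestDays  = $oldestDays
            NewestHours = $newestHours
            UsedGB      = if ($store) { [math]::Round($store.UsedSpace / 1GB, 1) }
            MaxGB       = if ($store) { [math]::Round($store.MaxSpace / 1GB, 1) }
            Status      = $status
        }
    }

$report | Format-Table -AutoSize
# Non-zero exit code lets a scheduled task or monitoring tool flag the machine.
if ($report | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

A passing result covers only the shadow-volume option; the online backup in option 2 sits outside the machine and has to be verified separately.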

In my opinion, there's a range of controls that need to be implemented in order to help safeguard small businesses from these devastating forms of malware.

Administrative Controls: Small businesses need strong policies controlling user behaviors, especially surrounding the use of USB (thumb) drives and personal email systems. Thumb drives bypass our Technical Controls and place a file directly on the system; private email systems cannot be monitored and filtered, and stuff transmitted across them can't be controlled. Users should be prohibited by company policy from using these kinds of technologies on work assets; if they want to check personal email, they should use their own phone. Finally, training: users should be trained on how to spot errant programs and suspicious attachments and taught not to open them.

Technical Controls: Certainly we can implement Technical Controls that prevent the user from using USB sticks, and, from accessing private email accounts (like filters on our firewall). We can also implement strong filters on our corporate email service to help screen viruses and spam. We can use modern web-based mail systems that prevent downloading of suspicious attachments. We can implement antivirus on our workstations. We can set mandatory shadow volume settings on workstations and file servers. We can centralize file management to a single set of repositories (like a server or a NAS appliance). And we can implement an online backup product against those repositories to allow for offsite recovery.

I help my clients with many of these things as a strategy for countering cryptovirus threats. I help my clients:

  • Develop Administrative policies and procedures to safeguard their IT assets

  • Implement the Technical Controls necessary to execute their Administrative directives

  • Audit the system and implement corrective actions to ward against evolving threats

The threat of cryptoviruses isn't insurmountable. They can be planned for. But that's just it: they must be anticipated and planned for. If their risk isn't managed, there's nothing that'll help the small business if they're hit by one of these attacks. Recovery is very difficult if not impossible.

R


My Advice is to Stop Working

Why are you working? Seriously? I mean, isn't business all about not working, earning more time rather than slaving away at something just to get by? How about a new metric: Free Time? Stop working!

Okay, you're a small business mogul and you want to be successful. That's awesome. Here's my advice: stop working.

And that's going to seem really antithetical to you. Stop working? Who in the Hell has time for that? I mean, it's all of your hard work and sweat equity that has brought you to where you are today. Won't it be the same for you tomorrow?

No, it shouldn't, and to explain why, I'm going to invoke two classic texts in business management: Gerber's The E-Myth Series and Ferriss' The Four-Hour Work Week. A great bunch of books, especially if you want to learn the secret about being successful.

Here are their secrets, boiled down to a single idea: stop working.

No, I'm serious.

When it comes to Gerber, he's a big proponent of franchises. Businesses in a box. You buy the box and you buy the systems, the solutions, the capabilities, to deliver a product that's all marketed for you by somebody else. Stop developing this crap on your own - stop working! You buy the box, you open it up, you learn a little about it yourself and hire good people to follow the instructions. Want more revenue? Scale your franchise. It's like instant coffee. Add more hot water and coffee-crystals and you're ready to go.

When it comes to Ferriss, his big idea is to stop working, yes, by allowing the Internet (and its minions) to do work for you, to use automation and the reach of the Internet to reach tens of thousands of potential customers while you reap the benefits in a hammock beachside (if the cover art is anything to be believed).

Like anything, I like to think real life is somewhere between two extremes and I feel that Gerber and Ferriss' ideas represent two extremes on the same theme. One says "buy the box, manage it, and scale it" while the other says "set up a box that you forget about and churns out money". They both have great ideas that reflect what real success in business is all about.

Real success in business isn't money. It's time. It's even more precious than money.

Look at what you're doing. If you're slaving away 40, 50, 60 ... 80 hours a week on your small business, you're throwing a lot of your time at a problem; your returns are diminishing with every passing hour.

  • Your systems and processes may be too antiquated to allow for automation and you and your staff must do everything by hand;

  • You may be too labor dependent - more scale means more people - and it takes much more capital to hire human labor and maintain it than to purchase automation (which could be depreciated over time);

  • You may be too dependent on physical assets - electronic or data assets scale immediately with very small incremental costs, like, doing more business onground in a retail store vs doing more business across a website ... it's infinitely cheaper to scale a website or make an app to allow for more volume of sales than it is to lease another retail space for 15 years;

  • You may be poor at delegation and insist on doing everything yourself which prohibits your ability to scale; one person to do it all! That's your motto!

  • Your business may absolutely be a job. Hell, it may even be just a hobby and not a business. It couldn't survive if you weren't around. Take a look at your operation: if you weren't there, could anything get done? If you weren't there, would your product be made or your service delivered? If you answered no, you have a job, my friend, not a business, and if your job isn't profitable, you're doing it for funzies. It's just a hobby because it's not anything you could sell to somebody else - you have no exit strategy.

So if real success in business is time then the advice I must give you is to stop working. What? Wait ... you can't? Hey, I get it, but that's what technology is for, silly. This is what tech is really good at. Automating.

Applying technology attempts to reduce the impact of labor on a business model and to allow a firm to scale without additional incremental investment. It's about working smarter rather than harder.

So how about if you create a new metric for yourself? Hours Spent Working. That number should go down while your Quarterly Gross Revenue numbers should go up. Right? Because that's what businesses do? They make money while you're not there. 

Stop working!

R


The Impending Implosion of the Tech Bubble

Tech stocks are on the edge of an implosion. If you're a small business owner, you don't want to have all of your intellectual property and capabilities tied to a no-name brand that won't weather the storm.

Well it turns out that the crazy valuations for tech stocks are finally undergoing a correction. Finally! 

Amazingly, and I know you're probably shocked, the thousands of little tech companies that have been surviving off of the teats of their angel investors are beginning to starve! The poor little mongrels.

Investors, it seems, would like a return on their capital rather than supporting wacky business ideas that couldn't possibly work in the real world. The end result is that we're on the edge of another mass extinction event - a great implosion - that'll take out a bunch of tiny tech players thinking they could Get Big Fast before now. 

What? You say this sounds familiar? Well it is; to me, it smells like Teen Spirit, or rather, the late 1990s. At the edge of the Internet mania that would eventually pop the tech bubble.

Okay, you're a small business owner, what do you have to know about this next die off?

  1. You've put your small business capabilities and intellectual property assets at risk if you've invested a lot of time and energy in a dinky, no-name Internet company. If it's not a proven brand, they won't survive the coming apocalypse; they'll either die or be acquired.

  2. You need to consider relocating those assets and capabilities to a brand that'll survive the impending extinction event, and probably sooner rather than later.

Now would be a good time to consider this problem rather than waiting for the implosion to happen, when you don't have any more options.

R
