Ransomware Prevention Starts With You
Posted by Dave Sherman—PhishLine • Tuesday May 30, 2017
It seems as though ransomware attacks are always making headlines. Big companies, small businesses, even individuals can fall victim. But those who take precautions can reduce the chances of having their data held hostage—or the unenviable prospect of paying a ransom to get back critical information.
It starts with a phish
Ransomware works because humans let it work. Not on purpose, but because they’ve been tricked into giving up critical information or access through a process called phishing. Phishing exploits natural human trust through a tactic known as social engineering. All hackers need to launch a successful ransomware attack is one person to fall for a suspicious phishing email.
Train employees to be vigilant
Because the most damaging ransomware attacks often target companies, training employees to be on the lookout is critical. Here are some signs that indicate that an email might be hiding a ransomware attack:
– A sense of urgency, such as a demand to immediately verify account information.
– The promise of something too good to be true, such as lottery winnings.
– Emails that come from trusted sources that seem ‘off’ or unusual.
– Several links that encourage recipients to click.
Remember that one click on a malicious link is all it takes to hold personal data—or a company’s entire network—hostage.
Here are some things you can do immediately to help employees fend off ransomware attacks:
– Keep operating systems and security software current.
– Install anti-virus software to protect your system from malware, viruses and other potential threats.
– Don’t ignore updates that fortify your system’s security; older systems are easy to attack.
– If you’re not sure if your systems are up to date, check with your technology support resource.
Backing up files regularly to a separate device will safeguard important data under any circumstances. So, if ransomware does encrypt your data, you can easily retrieve it by restoring a backup. Having a disaster recovery plan in place will also prepare you for a worst-case scenario.
If the worst happens
If an employee does click on a link that triggers a ransomware attack, all may not be lost—if he or she is trained to act quickly. In some cases, hard stopping the infected device (holding the power off button down for several seconds) may stop the spread of ransomware. An immediate call to information security can also alert those most capable of minimizing the crisis.
Prevention is key
As long as there are cyber-criminals, there will also be ransomware attacks. By doing everything you can to ensure your systems are protected—and by staying vigilant—you can prevent them from happening and making even more headlines.