Includes quick anti-ransomware tips for a one-minute read.
Ransomware is a form of malicious software that either locks down or encrypts a victim’s critical data or systems. The data is held hostage and users or organizations lose access to their information stored on networks, programs, files, or databases. Malicious actors demand a ransom in return for renewed access to the data.
Ransomware attacks crashed down on schools, hospitals and government agencies in torrents last year, taking advantage of the entities providing education, healthcare and assistance to individuals during the COVID-19 pandemic.
Even worse, the ransomware threat is escalating by leaps and bounds. This menacing type of malware attacks a new victim every 14 seconds.
“Ransomware has rapidly emerged as the most visible cybersecurity risk playing out across our nation’s networks, locking up private sector organizations and government agencies alike,” the Cybersecurity and Infrastructure Security Agency (CISA) said.
The good news? Your organization can take steps to avoid becoming a target. Read on for quick tips and resources that can help you prevent one of the most dreaded cyberattacks in existence.
To skim these tips in about one minute, read the “Quick Tips.” If you’re looking for more information and resources, read the “Learn More” sections for each tip.
Quick Tip #1: Back up your data regularly.
Learn More: If you become the victim of a ransomware attack, backups may be the only way you get your data back.
You should get in the habit of keeping three copies of your critical data. It’s a good idea to store one of them offline.
However, don’t stop at simply saving your files to an additional location. Test retrieving your data from the backup location on a regular schedule to make sure that the backup data can be retrieved in full. Verify that the backup location is secure and accessible offline.
Resource: Data Backup Options PDF by the Cybersecurity and Infrastructure Security Agency (CISA)
Quick Tip #2: Educate your employees.
Learn More: Ransomware can easily happen if employees inadvertently click on a malicious email attachment.
Implement an awareness program at your organization that trains employees to understand, prevent and recognize a ransomware attack. Your training program should emphasize the severity of ransomware and the specific impact an attack could have on your organization. Instruct your employees about the danger of clicking on unsolicited emails.
Your IT team may want to consider sending simulated phishing emails to test how your employees respond.
Resource: Ransomware Trainings and Webinars by the Cybersecurity and Infrastructure Security Agency (CISA)
Quick Tip #3: Install antivirus software.
Learn More: Installing antivirus software can be key to detecting known threats to your data. Antivirus software searches computer files for indications of malicious code and will either alert you about any malware or remove it without a notification.
Once you install an antivirus program, you should become familiar with its features and consider setting the software to run periodic scans on your computer.
Remember to keep your antivirus software updated because new types of malware are being discovered every day.
Resource: Understanding Anti-Virus Software Security Tip by the Cybersecurity and Infrastructure Security Agency (CISA)
Quick Tip #4: Don’t open suspicious emails.
Learn More: Review subject lines before you open the email to identify common characteristics of spam emails. Those may include a subject line offering something for free, a misspelled word or name, strange characters or symbols that don’t make sense in context, or an alert about action you “must” take on one of your online accounts.
If you don’t know the source, don’t open the email.
Resource: Phishing by the Federal Trade Commission (FTC)
Quick Tip #5: Update your operating systems and software with the latest patches.
Learn More: Consider setting automatic updates on your device.
And those annoying pop-ups on your computer reminding you to run an update? Don’t ignore them. Do it today. Also, make sure your computer is set to run a regular security scan (check with your company’s IT department).
You may also want to consider installing a central patch management system.
Resource: Understanding Patches and Software Updates Security Tip by the Cybersecurity and Infrastructure Security Agency (CISA)
Quick Tip #6: Use multi-factor authentication.
Learn More: Multi-factor authentication (MFA) enables a higher level of access security. Users must provide two out of three types of authentication in these categories:
Something you know – Passwords or pre-planned responses fall under this category.
Something you have – This could include a smart card, key, or message sent to the user with a PIN.
Something you are – Authentication could include fingerprint scans, facial recognition, voice recognition, or other biometric identification.
Resource: A How-To Guide for Multi-Factor Authentication by the Cybersecurity and Infrastructure Security Agency (CISA)
Quick Tip #7: Set up a spam filter for your organization’s mail server.
Learn More: Spam filters assist in blocking phishing emails from reaching end users. This additional preventive measure can be extremely useful in identifying known or potential spam and blocking it before it reaches its target user.
The filters vary depending on the email provider. Some filters restrict emails to only those from your contacts or block particular addresses.
Spam tagging services from many internet service providers enable users to view an email tagged as “spam” before it’s deleted, which can work in tandem with email filtering.
Resource: Reducing Spam Security Tip by the Cybersecurity and Infrastructure Security Agency (CISA)
Don’t let your organization make the headlines as a ransomware victim; implement these seven tips before it’s too late.
For more information about protecting your data from a ransomware attack, read this Ransomware Guide by the Cybersecurity and Infrastructure Security Agency (CISA).
Note: The FBI doesn’t recommend paying the ransom in return for data. Payment doesn’t guarantee your data will be decrypted or that your data and systems are no longer accessible to cyber criminals.
Learn about Quanterion’s cybersecurity consulting services: https://www.quanterion.com/products-services/consulting/