Ransomware is one of the most dangerous threats facing many organizations today. If you haven't heard of it by now, it's when a hacker is able to access your computer and encrypt all your files and data. The hacker then asks you to pay a ransom to get back access to your files.
You may be telling yourself, "Well, I have backups of my data", or "What are the chances of that happening to me?". The truth is that we can all be hacked! Hackers today no longer go after only big corporations; they also set traps on the internet, hoping for someone to fall prey. They may disguise their trap as "Free Antivirus" or "Download the #1 PDF reader", and to the untrained eye it looks legitimate, so the victim clicks and downloads the virus.
What makes this even worse is that downloading a virus is just one way to get infected by ransomware. There are also PC vulnerabilities, e-mail attachments, file transfers, Dropbox, OneDrive, and many more ways to get hacked.
So, what can we do to protect ourselves? Here are 5 methods you can use to protect yourself.
1) Be active, not passive
Invest in anti-virus software. Most anti-virus vendors today have added security features that prevent you from visiting malicious websites or downloading viruses onto your computer. Make sure to check the features of what you're installing first, as some providers give you basic protection when you may actually need the upgraded package.
Backups are really important when it comes to ransomware resiliency. Some advanced types of ransomware can affect backups, so make sure you keep a "not connected" or "offline" copy of your backups. This will allow you to restore your data if you ever need to.
3) Create a handbook for tackling cyber-incidents
Because all cyber-attacks differ, we need to assign the correct personnel to handle different scenarios. If you're an organization, have a huddle meeting with your team to run through some scenarios and how you may tackle a situation from different approaches.
You don't need a degree to protect yourself against attacks. Sometimes a quick 2-minute video demonstration or a weekly e-mail of what to look out for can go a long way in protecting yourself against hackers. There are also some automated programs for organizations that help test and train employees on cybersecurity.
One model that is becoming more popular is Zero-Trust. A person trying to connect their device to the company network must be authenticated and verified before getting access. Think about it this way: you wouldn't give the keys to your brand-new BMW to anyone you just met. You may ask a question like "Why do they need my car?" or verify that the person is trustworthy before you hand over those keys.
Cybersecurity is no joke. It's not only a matter of dollars and cents to get back up and running; there are also other impacts, such as your company's reputation, increased insurance premiums, regaining lost customers' trust, and other factors. Investing in your cybersecurity today can save you millions in lost revenue or even years of time recovering.
Scam emails, also known as phishing emails, are one of the more popular techniques used by hackers today. Phishing is a type of online scam where criminals impersonate legitimate organizations via email, text message, advertisement, or other means to steal sensitive information. Most times, criminals will ask for some sort of payment or information (example: passwords), or try to get you to download a file so that they can gain backdoor access to your device.
The best way to avoid a phishing scam is to learn the different types of phishing attacks a user can experience. Hackers often have more success phishing employees because they spend most of their day clicking on links and downloading files for work. Here are a few examples of misleading information scammers use to entice users to interact with their emails:
There are many ways to spot a scam email once you pay attention to a few key details.
1) Who is sending the email? Is it someone you know? - If you don’t recognize the sender or the spelling looks funny, we strongly suggest that you verify (if possible) with someone you know, or delete the email.
2) Fuzzy images or aggressive wording? - Criminals often use templates to mass distribute emails to their intended victims.
3) Threats! - Some of these scam emails try to trick the reader into performing an action, or else something bad will happen.
4) Password tricks – Criminals will sometimes ask you to verify your account with a service that you may have. What they are secretly doing in the background is capturing your username and password.
5) Attachments and website links – Depending on the criminal’s objective, some emails will contain a malicious attachment or website link. Attachments will most times contain some sort of virus to infect your computer, while links will take you to a malicious website to steal your information.
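The checks in points 1, 3, 4 and 5 can be partly automated. The following is an added example, not part of the original article: a small Python triage function run over a constructed sample message. The word lists, the risky-extension list and all names and domains in it are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Constructed sample message (not a real email); names and domains are made up.
SAMPLE = """\
From: "Example Bank Support" <alerts@examp1e-bank.test>
Subject: Urgent: verify your account or it will be suspended
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Verify your password within 24 hours or your account will be suspended.</p>
<a href="http://login.examp1e-bank.test/verify">https://www.example-bank.test</a>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"

placeholder
--b1--
"""

# Illustrative heuristics only; tune these lists for your own mail flow.
THREAT_WORDS = re.compile(r"\b(urgent|suspended|immediately|final notice|within \d+ hours)\b", re.I)
CRED_WORDS = re.compile(r"\b(verify|confirm|update) your (account|password|login)\b", re.I)
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".docm", ".xlsm", ".iso", ".lnk")
LINK = re.compile(r'<a\s[^>]*href="https?://([^/"]+)[^"]*"[^>]*>\s*(?:https?://)?([^<\s/]+)', re.I)

def phishing_indicators(raw, known_senders=()):
    """Return the list of checklist indicators found in a raw email."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    hits = []
    if addr.lower() not in {s.lower() for s in known_senders}:
        hits.append("unknown-sender")          # point 1: sender not recognized
    text = msg.get("Subject", "")
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            hits.append("risky-attachment")    # point 5: executable-type attachment
        elif part.get_content_maintype() == "text":
            text += "\n" + part.get_payload()
    if THREAT_WORDS.search(text):
        hits.append("threat-language")         # point 3: threats and urgency
    if CRED_WORDS.search(text):
        hits.append("credential-request")      # point 4: asks to verify an account
    for href_host, shown in LINK.findall(text):
        if "." in shown and href_host.lower() != shown.lower():
            hits.append("link-mismatch")       # point 5: link text hides the real host
    return hits
```

A message that trips several indicators at once deserves manual review before anyone clicks; a clean result does not prove the message is safe.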
If you’re unsure of an email, make sure to look out for the key points mentioned before, especially if you have access to sensitive data or money. It’s also recommended to keep your computer software up to date, use strong passwords, and make sure to inspect your emails before clicking.
Some of the largest organizations have implemented training sessions for their employees to understand the seriousness of phishing and other attacks. You can provide all the training possible, but unless you look out for these key points, you too can be a victim of a phishing attack.