‘There’s likely not a person reading this online who hasn’t received a phishing attack, in which someone pretending to be a bank sends an email or text message, hoping to trick you into entering or re-entering account information or a credit card number.’ – Global News
We have all heard the cautionary tales, and yet phishing scams remain a multi-billion dollar business. It’s not a matter of if you will get attacked but when. Here are our top 3 tips to stay in the know and keep one step ahead of the scams.
1. EMAIL IS KING
Remember: Most ransomware attacks are triggered by a normal email with an infected attachment such as a document, photo, video or other type of file.
Hackers don’t even need much knowledge to insert a piece of malware into a file; there are plenty of articles and YouTube tutorials on how to hide code, making it child’s play.
The majority of ransomware is spread via spam campaigns involving hundreds of thousands of emails sent daily.
“Cybercriminals have found new ways to exploit the human factor — the instincts of curiosity and trust that lead well-intentioned people to play into the hands of the attacker. This could be in the form of a disguised URL or seemingly benign attachment, but all it takes is one click and the ransomware can take hold immediately,” says Adenike Cosgrove, cybersecurity strategist, EMEA, Proofpoint.
With this in mind, opening an email attachment from an unknown sender should always be avoided. If you are sure that this email is not addressed to you, delete it immediately.
If you think it might be from a colleague but you are unsure, do not open it until you have made a phone call or reached the sender in another way, to check their identity and ensure the legitimacy of the file. Remember, keeping your company’s IT systems and data secure is always the right decision.
2. EMPLOYEE TRAINING
Your employees remain your organization’s weakest security link.
Make your employees (and yourself) smarter. What we see is that in the case of an encryption attack even the most experienced computer users panic. Therefore, every employee in a company should know exactly what to do if they are attacked by ransomware.
A ransomware attack should not only be part of a business continuity plan for higher management or IT experts; precise tips on what to do when hit should be visible and understood in every office. These can be simple but effective, for example:
Disconnect from the internet and internal network.
Try to properly shut down the device or immediately call IT security/IT administration.
Password-protect all devices.
Install all security updates.
Always use a safe wireless connection.
Train staff on cyber security practices, emphasizing not opening attachments or links from unknown sources.
“The best way to avoid traditional ransomware attacks is to learn what they look like. As we mentioned before, they tend to take the form of suspicious, clickable links or email attachments that infect your computer after you’ve opened them.”
It might seem obvious, but backup is integral.
Even without other measures, firms would still be able to bring their files back with ease if they had a sensible backup process in place, says Boyd.
If your backups are not working or they have been infected by ransomware, it is best to contact a professional data recovery service provider who can attempt to recover your information from the problematic backup media or work around the ransomware itself to get to the data.
Restore any impacted files from a known good backup. Restoration of your files from a backup is the fastest way to regain access to your data.
Back up all information every day, including information on employee devices, so you can restore encrypted data if attacked.
Back up all information to a secure, offsite location.
If traveling, alert your IT department beforehand, especially if you’re going to be using public wireless Internet. Make sure you use a trustworthy Virtual Private Network (VPN), such as Norton WiFi Privacy, when accessing public Wi-Fi.
These types of attacks are on the rise because they’re extremely profitable for perpetrators. Phishing attempts have grown 65% in the last year. It comes down to having a little bit of distrust for everything that you see or read online.
For more help setting up a cyber security policy or data backup plan, call ISP Computers – Your Geek to Human Translators.