3 ways to prevent your business from being held hostage by ransomware

05 April 2016

Threats within IT security are rapidly increasing in frequency, complexity and variety. One threat that has become more common and sophisticated in recent months is ransomware, a type of malware that holds business data hostage by encrypting it and demanding payment as a ransom.

The majority of ransomware is delivered by email, an increasingly easy way for attackers to infect your devices and hijack sensitive information by hiding malicious data and programs in seemingly harmless links or attachments. Frequently used ransomware includes TorrentLocker, CryptoLocker and CTB-Locker, which are propagated by sending malicious email attachments to unsuspecting recipients.

Here’s an example: one of your employees receives an email with an invoice attachment. To the employee, it might look like the type of email that should be received, and so the attachment is downloaded and the ransomware is instantly activated. In one swift motion caused by a simple click, data on your entire business network has been encrypted and it’s going to be either very difficult or very expensive to resolve. Scary, right?

So with a growing number of organisations falling victim to these cyber attacks, how can you possibly avoid ransomware?

The team at Prodec Networks believe that by following a few simple precautions and protocols, you can prevent the consequences of infectious ransomware hidden in emails. A combination of good practice, raising employee awareness and deploying intelligent security solutions will make sure you and your business avoid the damaging effects ransomware can cause.

1. Keep your personal information personal

In order for an attacker to email you, they first need to get hold of your personal information, and unfortunately it’s extremely easy for them to do so. One way attackers collect email addresses is by browsing publicly accessible websites such as web forums, even ones you think are trustworthy. Once acquired, your email address would be added to a list of addresses that will be sent malicious mail. From there, your potential attacker can mount phishing attacks or launch unwelcome advertising campaigns.

Thinking carefully about when to provide your email address, or the email addresses of colleagues, can prevent an attack before it has even been made possible. When you provide it, make sure you're confident that your email address will be stored securely and legally, and that it won't be forwarded to dreaded "third party companies".

2. Teach your employees to click clever

Remember – it only takes ONE CLICK to initiate a ransomware attack, so even if you’re personally savvy enough to spot a potentially harmful email, chances are a member of your staff isn’t. Raising awareness of email security best practices and even testing your employees can prevent the worst from happening.

Good practices that you can teach your employees include checking that they recognise the sender of a message before opening any attachments, being cautious of offers that sound too good to be true, and most importantly, not clicking links in unsolicited emails. These are all extremely basic but essential measures that can help keep you from falling victim. As Mattel’s $3 million CEO mail scam showed, cyber thieves have become scarily good at convincing you their messages are coming straight from your boss.

Alongside being vigilant with the emails you are receiving, it is just as important to be aware of the emails you are sending. Check the information within your email, make sure any attachments are the ones intended, and that the recipients are all correct. It is a quick and easy mistake to send sensitive or personal information to the wrong person, but one that could be costly to both you and your business.

3. Use a proactive security solution

Bearing in mind the considerable amount of malicious software being propagated via email every day, investing in a security solution is essential to protecting your sensitive data and devices. Remember that it’s a lot cheaper to maintain your network security infrastructure than it is to recover from a single critical attack.

A ransomware protection solution from suppliers like SentinelOne provides businesses with behaviour-based detection and intelligent automation that stops the most advanced forms of malware, ransomware, exploits and insider attacks dead in their tracks.

By teaching your employees to click clever, raising awareness of good security practices and installing a vital security solution such as SentinelOne, it is possible to eliminate the security risks associated with ransomware attacks, making sure you’re never the one to get caught out.

So for the love of your business, don’t leave yourself vulnerable to an attack.

