How to Keep Ransomware From Wreaking Havoc in Your Organization
Pay Attention
It’s really that simple. It doesn’t take a technical mastermind to carry out a hack—a cyber-attacker just needs to access basic data, usually available to the public online. The next time you get an email from so-and-so at whatever bank requesting an employee’s W2 form, stop. Forward the email to your direct manager or someone on your IT team. Think the email could be legit? Verify your hunch: Look at the domain name, website address and the sender’s name to make sure there are no typos or intentional misspellings.
Consider Your Employees to Be a Key Part of Your Defenses
Organizations need to combine rigorous employee training with technology. While other delivery methods are used—botnets and USB sticks, for example—email is, and will remain for the foreseeable future, the primary delivery mechanism, given its low cost, its ubiquity and the difficulty of securing it fully. That being said, organizations need staff to be aware of the different types of attacks they could find in their inbox, ransomware being a currently popular type. Employee awareness and training should be continuous, not a once-a-year exercise. As employees click and browse through their inbox, they should be informed, warned and blocked as they go.
If It Seems Suspicious, It Probably Is
If you receive an email that contains tracking information from a postal service but you aren’t expecting a shipment, stop. Don’t click the tracking URL because it’s really a malicious link disguised as something familiar. The same goes for emails containing attachments—these could contain malicious code.
Everyone’s a Target—but Some Have a Public Bull’s Eye
If you work in human resources, sales or communications, for example, it’s likely your name and contact information are listed on the company’s website. If this is the case, you need to be extra vigilant when it comes to practicing good security. Cyber-attackers will view you as an easy steppingstone to gain access to senior executives or company information. Be on the lookout for fraudulent emails, always.
Think Before You Share
Here’s a wake-up call for you: Cyber-attacks are not random. They are well-researched and usually architected using information you share online. Personal details including where you work, your job title, who you’re friends with, and what you’re doing and when are plastered all over social media sites such as LinkedIn and Facebook. Hackers research these sites to gather intelligence on unsuspecting victims—this is called social engineering.
Don’t Be a Follower
After everything you just learned, this one should be a no-brainer. If you receive an email from a bank or financial institution requesting your credentials, don’t click the link—it could be malicious. Even if the email is branded with what looks like legitimate logos and fonts, it could be a scam. Instead, type in the actual website address, verify the secure connection using “HTTPS,” then provide your details in a legitimate, secure environment.
Have Comprehensive Backup and Recovery Capabilities
In the event an attack gets past their preventive measures, companies need to have a comprehensive backup and recovery plan in place, including for their email.