Ransomware is often transmitted by email or web pop-ups and involves hackers holding your data hostage with threats of destroying it unless a ransom is paid. The recent WannaCry ransomware attack involved cybercriminals hijacking numerous Windows computers in more than 150 countries.
What is unfortunate about this attack, and sadly about many other attacks, is that cautious online behavior and safe security practices could have prevented it. To keep your business and data safe, check out these expert security tips.
The WannaCry attack is believed to have been spread through an email download. Dishearteningly, a security patch for this vulnerability was released eight weeks prior to the attack, so the crisis could have been avoided.
Users often refrain from actively checking for updates, leaving their equipment and data at risk. An easy remedy is to set up your system to install updates automatically when they become available. Just because Windows computers were the main target in this situation does not mean that other devices and systems are in the clear. Remember that all operating systems are at risk, so regardless of the devices you use, you should always install the latest security updates and patches.
Install Antivirus Software
Aside from keeping your software up to date, antivirus software can help prevent malware from infecting your computer. Just remember to keep it up to date as well, and only download antivirus apps from reputable vendors (e.g., Kaspersky Lab, Bitdefender, Malwarebytes).
Be Wary Of Suspicious Emails And Pop-ups
As previously mentioned, it is believed that the WannaCry attack stemmed from email attachments. With that said, we should all be wary of dubious emails containing links or attachments. Check the sender (make sure the message comes from a legitimate address) and look for typos or grammatical errors in the body. If there are hyperlinks, hover over them (but don’t click!) to see whether they direct you to suspicious web pages. If an email appears to come from your bank, credit card company, or internet service provider, keep in mind that they will never ask for sensitive information (e.g., password, social security number). Lastly, just say no to pop-up windows, even if they are advertising software products that remove malware. Whatever they offer is too good to be true and not worth the risk, so simply close the pop-up carefully.
Generally speaking, creating a copy of your data is always a good idea in case your computer fails or is lost. In the event that your computer is successfully hijacked, you can be your own hero: simply wipe your computer clean and restore your data from your backup copy. For added security, back up your data onto an external drive, and then store it somewhere safe and away from your computer. And be sure to back up your data regularly.
Create A Business Security Plan
Applying companywide security updates for larger businesses can be challenging, which is why a security plan will come in handy. A strict schedule for installing the latest updates with minimal interruption to productivity should be implemented. The IT department should also actively and regularly educate and test employees on spotting suspicious emails.
If you find that you are a victim of ransomware, your first step should be to disconnect your computer from the internet to limit spreading the attack to other machines. Next, report the crime to law enforcement and get help from a tech professional who specializes in data recovery (this is the best person to detail your options for you). Remember to not lose hope, as future security tools may be able to unlock your files.
Only in extreme cases should you consider paying a ransom. For example, if you have no backups and the encrypted files are of great value, paying the ransom may be your only route. However, in the WannaCry case, you should NOT pay the ransom, as some victims have paid and are not hearing back from the cybercriminals.