It seems that just about every week there is another news story about ransomware attacks. Here is a fact that should concern you more - there are many more ransomware attacks that you might not even have heard about! For example, did you know that the NBA team Houston Rockets faced a ransomware cyber attack this year? Or that the computer company Acer faced an attack by REvil, a Russia-connected ransomware gang that demanded a $50 million payment?
Kaseya, a US-based IT management software company, was also the victim of REvil on July 3rd. Although a recent update from the company stated that fewer than 60 Kaseya customers were directly compromised, they added that nearly 1,500 downstream businesses were affected.
What exactly is ransomware? Imagine turning on your computer one day to find that all your data files have been encrypted, and that a criminal holds the key you need to regain access to and use of these files. More importantly, ransomware doesn't only mean that you risk losing access to your data; it also means that confidential information is compromised.
Although ransomware is one of the biggest security threats businesses face, few are taking the steps necessary to reduce the risk associated with it. So what should you do? Very simple. You should protect yourself and you should help protect your clients.
The most important step you can take to protect against ransomware attacks is to focus on the weakest link in the security chain - humans. Although you may feel that the following actions are obvious and logical, they simply aren't. Educating your team and your clients may be the most effective method for preventing cyber attacks. Here are three very simple tips.
- Emails - Never click on any links or attachments in unsolicited emails.
- Websites - Ensure that your anti-virus software is regularly updated and regularly scans your computer.
- Passwords - Use complex, randomly generated passwords.
In addition, you should also address technology issues.
- All operating systems, applications and firmware on all of your company devices should be fully patched and regularly updated.
- All emails should be scanned for malicious attachments.
- Remote Desktop Protocol should be disabled on all end-user computers if it is not being used.
- Appropriate access controls should be in place.
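One way to check the Remote Desktop item above on a Windows computer is the following PowerShell audit. It is an added example, not part of the original article or the webinar material. The function name `Get-RdpExposure` is hypothetical, and the firewall check assumes English-language Windows, where the rule group is named "Remote Desktop".

```powershell
# Added example: report whether Remote Desktop (RDP) is enabled or reachable
# on this computer. Reads local settings only; run in an elevated prompt.
# Limitation: settings forced by Group Policy are stored under
# HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services and override these.
function Get-RdpExposure {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Join-Path $ts 'WinStations\RDP-Tcp'

    # fDenyTSConnections: 1 = RDP connections refused, 0 = RDP enabled
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    # UserAuthentication: 1 = Network Level Authentication required
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication
    # The listener port is configurable, so read it instead of assuming 3389
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

    # Enabled inbound "allow" rules in the Remote Desktop firewall group
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

    # Is anything actually listening on the RDP port right now?
    $listeners = @(Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        RdpEnabled         = ($deny -eq 0)
        NlaRequired        = ($nla -eq 1)
        Port               = $port
        Listening          = ($listeners.Count -gt 0)
        FirewallAllowRules = $rules.Count
        ServiceStatus      = (Get-Service -Name TermService).Status
    }
}

$result = Get-RdpExposure
$result | Format-List

if ($result.RdpEnabled -or $result.Listening -or $result.FirewallAllowRules -gt 0) {
    Write-Warning "RDP is enabled or reachable on $($result.Computer). Disable it if it is not being used."
    # To disable, after confirming nobody relies on it:
    #   Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 1
    #   Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
} else {
    Write-Output "RDP is disabled and blocked by the firewall on $($result.Computer)."
}
```

If RDP must stay on for a particular computer, `NlaRequired` should be `True` and the firewall rules should be limited to the addresses that need access.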
Days prior to the recent attack on Kaseya, Woodard™, as part of its free Summer of Training program, conducted a webinar on Ransomware and Small Business: Protecting Yourself and Your Clients. The handout from the webinar includes additional information about ransomware and can be downloaded from the Woodard Webinars page. In addition, members of the Woodard Alliance may view the recording of the webinar in the Alliance's VIP Library.