Ransomware Part II

In our last blog, we explained what ransomware is, and why it can be an especially troublesome malware. Today, let’s look at what you can do to avoid falling victim. Prevention is the best cure. Follow standard “data hygiene” principles that you probably hear about all of the time. Update your OS, software, apps, firmware and drivers whenever a new release or patch is released. Do this ASAP. Some patches may be released solely as a result of the discovery of a vulnerability.

Be Deliberate

Watch out for phishing scams. If anything looks “off” about an email, don’t open it. And never open links you aren’t totally sure of. If unsure, contact the sender by call, SMS or fresh email to verify they actually sent you a link. Understand that if the sender’s mailbox has been breached, your email to them to confirm could very well be replied to by the cybercriminal. Unfortunately, human error is one of the biggest problems for data security. Employees unwittingly open links received via email or download information from insecure websites. Enrolling employees in training programs that have short, frequent reminders of current threats, is a good way to avoid those kinds of accidents. The cost of a training program can quickly and easily be surpassed many times over when you suffer a breach—especially if you lose any confidential data such as employee or customer details.

Secure Backups

Beyond prevention, the most important thing you can do to make sure your data cannot be held ransom is strictly adhering to a regimen of backups. Routinely backup your data. However, with ransomware, not all backups may be foolproof. If your data has been infected and you are unaware of it, or the backup is not segregated from your network, your backups may also be corrupted. Given the severe consequences of a ransomware attack, consider having a security evaluation done by a managed service provider who will have the security expertise to advise on the best backup protocols for your situation. Ransomware presents some unique challenges that require more sophisticated data protection protocols. Contact a managed service provider for a complete security evaluation.