Ransomware is an ever-growing threat, and dealing with the aftermath of an attack is a nightmare. The best way to protect yourself and your company is to educate yourself and your workforce. Ransomware hides in plain sight: it tricks users into thinking they are installing or clicking something safe and ordinary, and teaching people to tell a malicious file or link from a harmless one, and to stay cautious online, is trickier than it looks at first glance. It is a constant process, but these few tips will steer you and your organisation in the right direction.
1. Back up your files regularly and keep a recent backup off-site
At work, the backup procedure should be defined by your IT department. It should be diverse, with no single point of failure; a combination of cloud services and local storage is good practice. The caveat practitioners stress is that a backup the infected machine can write to is not protected: ransomware encrypts mapped network shares and any external drive that is plugged in, and a sync client such as Dropbox will faithfully upload the encrypted versions of your files. At least one copy should therefore be offline, or held by a service that keeps earlier versions, and restores should be tested, because a backup that has never been restored is only a hope. Do not keep personal backups of work data without the knowledge of your IT department, and follow the practices they set. At home, back up your personal data with a Dropbox, Google Drive or Microsoft OneDrive account (turn on file version history) and keep a second copy on an external HDD that you unplug when the backup finishes.
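As an added example (not code from the original article), the following Python script shows the routine described above at the file level: every run writes a new, never-overwritten snapshot of a folder, records a SHA-256 manifest beside it, and then proves the archive is usable with a trial restore. The folder names and sample files are constructed for the demonstration.

```python
"""Versioned snapshot-and-verify backup routine: an added example, not from the
original article. Assumed layout: each run writes a new timestamped tar.gz of a
source folder into a backup root, records a SHA-256 manifest beside it, and a
trial restore into a scratch directory proves the archive is actually usable."""
import hashlib
import tarfile
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path):
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(source, backup_root):
    """Write a never-overwritten archive plus a manifest of per-file hashes.

    New snapshots never replace old ones, so a file that ransomware encrypts
    today is still recoverable from yesterday's archive."""
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S.%fZ")
    backup_root.mkdir(parents=True, exist_ok=True)
    archive = backup_root / f"{source.name}-{stamp}.tar.gz"
    lines = []
    with tarfile.open(archive, "w:gz") as tar:
        for path in sorted(p for p in source.rglob("*") if p.is_file()):
            rel = path.relative_to(source).as_posix()
            tar.add(path, arcname=rel)
            lines.append(f"{sha256_file(path)}  {rel}")
    archive.with_name(archive.name + ".sha256").write_text("\n".join(lines) + "\n")
    return archive


def verify_restore(archive):
    """Restore into a scratch directory and check every file against the manifest.

    Returns True only if every listed file comes back byte-for-byte and nothing
    unlisted appears; a backup that has never been restored is not a backup."""
    manifest = archive.with_name(archive.name + ".sha256")
    expected = {}
    for line in manifest.read_text().splitlines():
        digest, rel = line.split("  ", 1)
        expected[rel] = digest
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            for member in tar.getmembers():
                # refuse archives that try to write outside the restore directory
                if member.name.startswith("/") or ".." in Path(member.name).parts:
                    return False
            try:
                tar.extractall(scratch, filter="data")  # safe-extraction filter, Python 3.12+
            except TypeError:  # older Python without the filter argument
                tar.extractall(scratch)
        root = Path(scratch)
        seen = {p.relative_to(root).as_posix(): sha256_file(p)
                for p in root.rglob("*") if p.is_file()}
    return seen == expected


def demo():
    """Run the routine on constructed sample data and return what a test can check."""
    with tempfile.TemporaryDirectory() as root:
        src = Path(root) / "documents"
        (src / "projects").mkdir(parents=True)
        (src / "notes.txt").write_text("quarterly figures\n")
        (src / "projects" / "plan.md").write_text("# plan\n")
        backups = Path(root) / "backups"
        first = snapshot(src, backups)
        first_ok = verify_restore(first)
        # Simulate ransomware scribbling over the live copy, then back up again.
        (src / "notes.txt").write_bytes(b"\x00\x00encrypted\x00\x00")
        second = snapshot(src, backups)
        return {
            "first_ok": first_ok,
            "first_still_ok": verify_restore(first),  # the old snapshot is untouched
            "second_ok": verify_restore(second),      # intact, but it holds the damage
            "archives": len(list(backups.glob("*.tar.gz"))),
        }


if __name__ == "__main__":
    print(demo())
```

The result shows the earlier snapshot still verifies after the live copy has been overwritten, while the later snapshot also verifies even though it contains the damaged file: an integrity check proves the archive is intact, not that its contents are good, which is why older versions must be kept rather than replaced, on a drive or service the infected machine cannot simply overwrite.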
2. Educate yourself and users on what macros are and to be wary of them
A common way of distributing ransomware is an Office document that tricks the user into enabling macros. The lure is usually a plausible pretext, for example an email that appears to come from a customer with a quote attached as a Word or Excel file. So, what are macros? They are small programs, written in VBA, embedded inside the document; they can do anything a program can, including downloading and running the ransomware itself. Office does not run them by default, and since 2022 Microsoft blocks macros outright in files downloaded from the internet, so the attacker's document has to talk you into clicking "Enable Content" or unblocking the file. Do not enable macros in any document unless you know exactly who sent it and what the macro does, and if you are in doubt, ask your IT department.
3. Carefully check attachments before opening them
Email attachments are still one of the most common methods of attack. Always read the full file name, including the extension, before opening it: be wary of batch files and other scripts or executables (.bat, .cmd, .js, .vbs, .exe, .scr), of double extensions such as invoice.pdf.exe, and of archives and disk images (.zip, .iso) used to smuggle them past mail filters. If your system hides file extensions, turn that setting off. Check that the sender really is who they claim to be; an unexpected attachment from a known contact deserves a phone call rather than a reply, since the contact's own account may be the one that was compromised.
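The checks in tips 2 and 3, as an added Python example rather than code from the original article: it flags executable and double extensions, the right-to-left override trick that hides a file's real extension, and, for modern Office files, the presence of a VBA project inside the OOXML container (which is what the "Enable Content" bar is asking you to run). The extension lists and the sample attachments are constructed assumptions for the demonstration.

```python
"""Attachment triage: an added example, not from the original article. It
flags the file-name tricks described above and detects VBA macros in modern
Office attachments by looking for a vbaProject.bin part inside the OOXML zip
container. The sample attachments are constructed inline for the example."""
import io
import zipfile
from typing import List, Optional

# Extensions Windows runs or scripts straight from a double-click (assumed list).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "vbe", "js",
                   "jse", "wsf", "wsh", "ps1", "hta", "msi", "lnk", "jar"}
# Extensions a double-extension lure usually borrows to look harmless.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
OOXML_EXTS = {"docx", "docm", "dotm", "xlsx", "xlsm", "xltm", "pptx", "pptm"}
LEGACY_OFFICE_EXTS = {"doc", "dot", "xls", "xlt", "ppt"}
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary Office container
RTLO = "\u202e"  # right-to-left override: "report\u202efdp.exe" renders as "reportexe.pdf"


def has_vba(data: bytes) -> Optional[bool]:
    """True/False for an OOXML package; None if the container can't be inspected."""
    if data.startswith(OLE2_MAGIC):
        return None  # legacy .doc/.xls needs a real VBA (OLE stream) parser
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(name.lower().endswith("vbaproject.bin") for name in z.namelist())
    except (zipfile.BadZipFile, OSError, ValueError):
        return None


def triage(name: str, data: bytes) -> List[str]:
    """Return the reasons a user should stop and ask before opening this file."""
    reasons = []
    if RTLO in name:
        reasons.append("right-to-left override character disguises the real extension")
    parts = name.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable or script type .{ext}")
    if len(parts) > 2 and parts[-2] in DECOY_EXTS:
        reasons.append(f"double extension .{parts[-2]}.{ext}")
    macros = has_vba(data)
    if macros:
        reasons.append("document contains a VBA project (macros)")
    elif ext in LEGACY_OFFICE_EXTS or data.startswith(OLE2_MAGIC):
        reasons.append("legacy binary Office file; macros cannot be ruled out here")
    elif ext in OOXML_EXTS and macros is None:
        reasons.append("claims to be an Office document but is not a valid OOXML package")
    return reasons


def build_ooxml(with_macros: bool) -> bytes:
    """Minimal stand-in for a Word package (real files have many more parts)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            z.writestr("word/vbaProject.bin", OLE2_MAGIC + b" vba")
    return buf.getvalue()


SAMPLES = {  # constructed attachments, not real malware samples
    "quote.docx": build_ooxml(False),
    "quote.docm": build_ooxml(True),
    "invoice.pdf.exe": b"MZ\x90\x00",
    "statement.doc": OLE2_MAGIC + b"\x00" * 8,
    "report\u202efdp.exe": b"MZ\x90\x00",
    "notes.txt": b"just text",
}


def run_triage(samples=SAMPLES):
    return {name: triage(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, reasons in run_triage().items():
        print(repr(name), "->", reasons or "no concerns")
```

Note the honest gap in the legacy case: a binary .doc or .xls is an OLE2 compound file, and telling whether it carries VBA needs a proper OLE parser (oletools, for instance), so the script only warns rather than claiming the file is clean.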
4. Avoid using administrator accounts when possible
In most cases your IT department controls this, but if you find you have been given access to something you do not need for your job, report it. Use an administrator account only when a task actually requires it, and do your everyday work, including email and browsing, from a standard user account. Malware runs with the rights of the user who launched it, so a standard account limits what ransomware can reach and blocks the silent installation of unsolicited programs, unless the malware also carries a separate privilege-escalation exploit.
5. Ensure the applications on your machine are up to date
Make sure all your applications carry the most recent security patches; this applies to both work and personal devices, and to the operating system, browser and plug-ins as much as to the applications themselves. Turn on automatic updates where you can. Keeping devices patched gives cybercriminals fewer ways in, since exploit kits routinely target flaws for which a fix has already been released.
6. Don’t assume you’re safe on mobile
Do not overlook security flaws in Android and, to a lesser extent, iOS: phones are fully fledged computers and deserve the same caution as any other computer. Follow the same practice of not opening unfamiliar email attachments, and be careful when installing apps. Apple's walled-garden App Store does not make you immune: in 2015 XcodeGhost, a tampered copy of the Xcode developer tools, led developers to unknowingly ship trojanised apps that passed App Store review. Install only from the official stores, look at the permissions an app requests, keep the operating system updated, and if you are unsure whether an app is safe, err on the side of caution and do not install it.
7. Be wary when using social media
Social media can be a breeding ground for cybercriminals. Shortened links and flashy sale images are shared from one friend to the next, so a threat can spread like wildfire. Criminals count on you letting your guard down because the post came from someone you trust, and use that trust among friends, family and co-workers to spread their malware. Be wary of shortened links such as bit.ly addresses, which hide where you are really going, and of any link whose URL you do not recognise; hover over (or long-press) a link to see the real destination before you click, and never trust the text of a link alone.
8. Two-factor authentication
Make sure the passwords on all your accounts are strong and unique, and add two-step or two-factor authentication wherever an account offers it. This adds a second check, typically a code from an authenticator app, a code sent by text message or email, or a hardware security key, so a stolen password alone is no longer enough. Codes from an app or a hardware key are preferable to codes sent by text or email, which can be intercepted or redirected (for example by SIM swapping). Enable it on your social media accounts and, above all, on your personal email account, because email is where the password resets for everything else are sent.
9. Resist your curiosity
Resist the curiosity that makes you click an advert online or a link in spam mail. Cybercriminals entice you with flashy or compelling images, videos and web pages, and want to lull you into a false sense of security so that you click, download or install an infected file. If you genuinely want to look at an offer or a story, type the company's address into your browser yourself instead of following the link. Keep alert and do not take unnecessary risks.
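Tips 7 and 9 both come down to judging a link before clicking it. As an added Python example (not from the original article), the following extracts every link from a constructed HTML snippet of the kind found in a social post or spam mail and reports the tricks that make a link look safer than it is: shorteners, credentials before an @ sign, raw IP hosts, punycode look-alike domains, and link text that names a different site from the real destination. The shortener list and the snippet are illustrative assumptions.

```python
"""Link triage for the shortened and look-alike links in social posts and spam
mail: an added example, not from the original article. It pulls every anchor
out of a constructed HTML snippet and explains why a user should distrust it.
The shortener list is an illustrative assumption, not an authoritative one."""
import ipaddress
from html.parser import HTMLParser
from typing import Dict, List, Optional
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "ow.ly", "is.gd", "cutt.ly"}


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Crude 'site' name: the last two labels (fine for the demo, not a public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def shown_host(text: str) -> Optional[str]:
    """If the visible link text looks like a URL or a domain, return its host."""
    if " " in text or "." not in text:
        return None
    return urlsplit(text if "://" in text else "http://" + text).hostname


def assess(href: str, text: str) -> List[str]:
    """Reasons a reader should distrust this link; empty means nothing obvious."""
    reasons = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https"):
        reasons.append(f"unexpected scheme '{parts.scheme or 'none'}'")
    if parts.username is not None:
        reasons.append("text before @ is a username; the real host comes after it")
    if registrable(host) in SHORTENERS:
        reasons.append("link shortener hides the real destination")
    if is_ip(host):
        reasons.append("raw IP address instead of a domain name")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode host (xn--): check for look-alike characters")
    shown = shown_host(text)
    if shown and registrable(shown) != registrable(host):
        reasons.append(f"displays {shown} but goes to {host}")
    return reasons


# Constructed snippet for the demonstration, not a real post or mail.
SAMPLE_HTML = """
<p>Huge sale, today only! <a href="https://bit.ly/3xyzABC">see prices</a></p>
<p>Verify your account: <a href="https://paypal.com@203.0.113.7/login">https://paypal.com/login</a></p>
<p><a href="https://xn--pple-43d.com/">apple.com</a></p>
<p><a href="https://www.example.org/report">www.example.org/report</a></p>
<p><a href="javascript:void(0)">click</a></p>
"""


def triage_html(html: str = SAMPLE_HTML) -> Dict[str, List[str]]:
    collector = AnchorCollector()
    collector.feed(html)
    return {href: assess(href, text) for href, text in collector.links}


if __name__ == "__main__":
    for href, reasons in triage_html().items():
        print(href, "->", reasons or "no concerns")
```

A shortener is not malicious in itself, which is why the script only reports that the destination is hidden; the practical answer for a reader is the one in the tip, namely to see where the link really goes (a preview service, or hovering to read the status bar) before deciding, and to ignore the link text entirely, since it is the one part the attacker controls completely.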