Your people are always going to be your best defense against most ransomware attacks. Here's how to help them function best as your first line of defense.
It was hard to find a media outlet in the past few weeks that wasn't reporting on the WannaCry ransomware attack that hit organizations worldwide – including many health care providers. It was a huge concern, and especially important for the health care community to note, because it was the first known time ransomware hit medical devices.
A large portion of the WannaCry infections occurred through bots. By identifying unpatched, unsecured devices exposed on the Internet, the bots were able to load the ransomware. Once on a network, those infections then self-replicated to other unpatched devices on the same network. In some cases, an individual in the attacked organization clicked a malicious link, allowing the ransomware in.
Although your employees pose a significant risk to the security of your systems, they are also one of your greatest assets when it comes to keeping your data secure. The WannaCry attack is only the most recent reminder that you and your employees need to follow, at a minimum, the following three practices:
Effective and frequent phishing and ransomware training and reminder messages. Good training is something employees actually look forward to. Don't limit yourself to a boring, dry, much-too-long session once a year. Frequent, brief sessions (no more than 15 to 20 minutes) will keep data security principles and practices at the front of your employees' minds. I include many recent examples of cyberattacks in my 15- to 20-minute training videos, and many of our SIMBUS360 training clients ask for more training modules right after taking them; they find them interesting and helpful for their own personal lives. When employees are engaged, they are aware. When employees are aware, they are less likely to fall for the social engineering, phishing and other sneaky tactics that result in successful ransomware attacks. (Keep in mind your training should also touch on the importance, and the how-tos, of keeping personal computing devices updated.)
Good backup practices. Every organization should have a current backup, stored offline from the network. Importantly, you should be able to quickly restore your backed-up files should you experience a ransomware attack. When you know you've got reliable, current data stored somewhere the attackers can't reach, the fear and urgency that follow a ransomware demand can stay in their proper place.
Up-to-date anti-malware software. Some of these programs will identify the characteristics of phishing that lead to some types of ransomware attacks, and some also will identify specific types of ransomware. No software will ever detect them all, as attacks develop and evolve quickly, but they'll help lessen the blow.
Ransomware isn't going away anytime soon. It's far too easy and profitable for cybercrooks to extort money from panicked executives and other individuals. And these crooks know humans have always been, and will always be, the weakest link in our information security efforts. Far too many vendors and IT security experts will continue to claim that training and reminders don't work. This is far from true.
A primary key to success for ransomware crooks is exploiting the human vulnerabilities in your system. Those are the ones you can most easily address. You can empower your staff to help make sure your data and your patients' records stay secure. No one will WannaCry on your watch!