How to Defend Your Organization Against Two Common Security Threats: Ransomware and Phishing Emails

As you may know, data threats, identity theft, and other forms of cyber security cause great harm stifle productivity and result in lost business. Two of the most common today, ransomware and phishing scams, are now hitting businesses especially hard. Microsoft, for example, endured the WannaCry ramsonware cyber-crime debacle in Spring 2017, while phishing scams occur daily.

Phishing occurs when a hacker uses different strategies to trick you into providing sensitive information, such as credit cards and credentials. One common strategy is an email that looks very real but has a slightly different email address from the domain or organization you’re used to seeing.

Ransomware can be just as detrimental to your organization. Ransomware occurs through a phishing email or clicking an ad on a website in which a cybercriminal takes over your system’s built-in encryption by encoding your files and seizing your code for their personal gain. They then use this gain as leverage to try and hold your files ransom, demanding money from you to get them back – sometimes to the tune of hundreds of thousands of dollars.

Many businesses are unprepared for cyber-attacks, positioning them as sitting ducks for these sophisticated cyber criminals. Whether you’re overlooking these threats, or just not willing to invest the time and money to protect against them, there’s no better time to act than right now when it comes to the survival of your firms and companies. It’s an absolute must.

What is your best defense? Here are some strategies to not only help prevent a possible attack but also prepare you for what to do if you are a victim.

 

Ransomware: Don’t Be Held Hostage

By simply clicking a link or ad in your email, you may have ignited ransomware. And, the larger your company is in size and money, the more serious the threat and demand for ransom. Still not convinced yet? Here’s an alarming statistic: according to Computer Crime and Intellectual Property Section (CCIPS), more than 4,000 ransomware attacks occurred every day since January 2016, a 300 percent increase over 2015 when 1,000 ransomware attacks were seen per day.

Here are some strategies to deal with ransomware:

  • Back Up – Backing up your data daily is a must and the best place to do so is in the cloud. If you have to back up in a local storage device or server, make sure it’s offline and not directly connected to your desktop systems, so that the attacker can’t reach it.
  • Patch and Protect – In May 2017, the United Kingdom was hit with ransomware attacks that could have been prevented if patches or software security were in place. Make sure you install updates regularly, have a strong firewall and run up-to-date anti-virus software. Also, tap into sophisticated security software, such as Cisco Umbrella on the cloud or Mac OSX for desktop systems.
  • Get Educated – Despite patching and other strategies, there’s still human error. Do all you can to know what how to prevent ransomware and what to do if it does occur. Make sure you know who to talk to if it happens, and if it does, disconnect the internet immediately to protect your sensitive information. Everyone at your firm or company needs to be educated for this to work.
  • Defend and Don’t Pay – The last thing you want to do is pay these criminals because giving in can lead to more blackmail and deceit. If infected, alert authorities and disconnect.

 

Phishing: Be Ware of Your Email

When it comes to phishing, we must also all be educated and proactive. Ensure clients and staff know exactly how you will be communicating with them by email so that they know what to expect and that the source is legitimate. Also, keep clients and staff informed about strategies to take to recognize these phishy hackers:

  • Check the Source – An email may appear legit, but may actually be just so slightly different. Check the sending address. It may look the same, but differs from the domain or organization you’re used to seeing. If it’s suspicious, don’t click on the email!
  • Be Aware – It’s not uncommon to get a call from someone posing as a financial institution, government agency or IRS representative. These places will never contact you in this manner and demand information. Be aware and inform others.
  • Be on the Lookout – Criminals may hack your email account and send mass emails under your name. Chances are, those who receive these emails and fall for them will let you know, and you must act accordingly.
  • Urgency is a Red Flag – Often, data thieves will use urgency and other scare tactics to get you to act quickly. However, this is an immediate red flag that should tip you into their criminal activity. It smells phishy if someone claims they know a family member in a dire situation or something is too good to be true.

Have a Plan and Stick to It

One of the best-practice strategies is to have a detailed plan to deal with ransomware and phishing. However, many companies neither have the talent on staff to develop a plan nor the time it takes to complete one. Don’t give up.

 

SWK’s managed services division ranked among the top, globally. Check out our Network Services website and see how we can set up, manage and protect your IT infrastructure.

SWK Technologies, Inc.