If there’s any cyber-attack that has an ominous name, it’s ransomware. This type of attack is expected to be one of most pervasive in 2017. It’s easily one of the costliest threats for companies to resolve and because of that, one of the most popular for thieves. The financial industry is a constant target of these threats, especially those institutions that are vulnerable due to employee behavior. Understanding your internet risk level is the first step to preventing a business-ending catastrophe over the coming months.
Ransomware is just what it sounds like, only it involves the abduction of valuable business data. Companies often ultimately end up paying to either get their data back or keep it from being published. And they pay a lot. As of the end of 2016, the ransomware industry is worth about $1 billion, up from $24 million the year before. It’s clearly a growing problem and one your company is likely to be the target of. When it comes to protecting your business, your own employees are your first line of defense, and it is crucial to ensure they are able to safeguard sensitive company information and data.
The Growing Problem of Ransomware
Very recently, major enterprise server company MongoDB was hit by a ransomware attack that took out 27,000 of its servers. Hundreds of organizations were hit with demands for payment in order to get their necessary business data back. Not all MongoDB customers were hit; instead, the ransomware used opportunistic attacks on vulnerable targets. Companies that were unaware and unprotected found themselves under siege.
Though they can take different forms, ransomware attacks often work by freezing company information and demanding payment. Companies frequently have to pay the ransoms, and often, there’s very little recourse. Hackers demand payment using a form of virtual currency known as bitcoin, which is difficult to trace. People who conduct these attacks have the relative security of knowing they’re hard to catch. They know it’s a crime that pays, which is why it’s possible these attacks will double over 2017.
Ultimately, hacking is a numbers game. Hackers rarely target a specific source and instead look for easy victims who fail to protect their data. Any one of your employees could be one of those easy victims. To prevent ransomware attacks in 2017, eliminating vulnerabilities in your organization will be the most proactive move you can make to protect your assets.
Finding and Reducing Risk Company-Wide
As the number of devices that attach to your network increases, so does your vulnerability. Chances are, your employees are accessing your data on company and personal laptops and devices. Step one is finding the devices that attach to your network and ensuring they meet your security compliance standards.
But more importantly, you need to know what your employees are doing on those devices. Ransomware is almost always caused by someone accidentally installing the software on a device with access to your network. To prevent this, you should:
- Require employees to register devices – If employees are accessing your company’s network, know which devices they use and if those devices are secure. A master log of them will make it easier to find a breach if there is a problem in your network. It will also help to keep track of important security updates.
- Ensure that your employees are adhering to cybersecurity best practices – This includes not clicking on links or attachments in employee emails unless those attachments are expected. This also includes not installing unapproved apps onto company mobile devices.
- Backup all data frequently – Ransomware attacks are often dependent on companies having poor backup protocols. If data is stolen or encrypted, a recent system-wide backup could save you from having to pay a ransom.
- Use VPNs for traveling – One of the best ways employees can protect company data on mobile devices is to use a virtual private network. This prevents them from connecting with malicious hotspots and causing a data breach.
- Keep employee privileges reasonable – Without administrative privileges, your employees can’t download malware. Leave software installation up to your IT people and give out the option to add software sparingly.
- Use Remote Risk Assessment (RRA) to get a risk heat map – Employees may not know the appropriate procedures to follow, or they just might not follow them. Either way, you can use RRA to interview employees on company cyber security protocols and get an idea of where your areas of weakness lay. This voice-based risk assessment technology can be used to root out both issues with training and simple negligence where employees aren’t following rules they know about.
- Retrain employees on threats – Employees in higher risk segments of the business should be retrained on the real risk of these cyber security threats. Those who are unable to follow procedures should have access to the network limited.
Being proactive is key, and assessing your current situation as well as implementing new screening efforts like RRA are the biggest factors in locating and stemming the risk of ransomware through employee behavior. RRA is a means of locating the highest risk areas of your institution and completing simple, automated telephone interviews as a security audit. Having employees engage in this simple process can be an important tool in preventing a technological and financial disaster for your company. For more information, contact us today.
Lead Image Source | Flickr user Christiaan Colen