4 THINGS YOUR COMPANY NEEDS TO DO TO AVOID RANSOMWARE ATTACKS
- Know What a Suspicious Link Looks Like
It’s a little odd, but everyone in the company must develop click anxiety. Everyone on your team must question every link and attachment that comes across your screen. If the email, link, or attachment shows any of the following characteristics, you must not click until it can be verified:
- Shortened links – Ransomware creators and phishers hide the true destination of a link using common URL shorteners including Bit.ly, TinyURL, and Owl.ly
- Unsolicited emails – Emails containing links that ask recipients to confirm/verify information or change passwords, when the recipient did not make the request in the first place. This is likely a phishing scheme.
- Links with strange characters – Links that contain garbled characters, numbers, letters could be coming from hackers that use URL encoding to hide the destination of the link.
Malicious links may also be hidden within anchor text. For example, a recipient may receive an email with a link hidden within “your wedding photo gallery”. Instead of clicking, hover (when on a laptop/desktop) over the anchor text and URL destination will become highlighted. If you don’t recognize it as a trusted source, don’t click it.
- Perform Frequent Backups and Use the Cloud
Ask yourself how much data you can afford to lose. Is it three-months worth, three-weeks, or three-days? Your backups need to be performed to meet your needs. However, doing so this manually can be time consuming and less efficient. By adopting cloud hosting you address your data backup needs by generating redundancy in your approach to information management. Backing up data to the cloud in real time will effectively reduce your reliance on manual backups and physical infrastructure, which in the end will make you less susceptible to hacker demands if a team member inadvertently or intentionally click a malicious link or attachment.
- Adopt Advanced Endpoint Threat Protection
There are choices you can make with respect to your software as a service (SaaS) that will help protect your business from ransomware delivery. For instance, adoption of MS Office 365 is one. MS Office 365 offers enterprise level threat protection with real time protection. This includes securement of staff and company mailboxes and other applications where malicious links and attachments can be delivered. The SaaS also offers holistic security in Microsoft Teams, Excel, PowerPoint, Visio, SharePoint Online, OneDrive, and Word. View more on how Microsoft 365 can stop ransomware.
Investment is advanced endpoint threat protection for your business is no longer a luxury – it is essential.
- Secure the Services of an IT Firm That Provides Ransomware Protection
The above can be effective, but management can be so resource intensive that you may spend a greater effort playing defence against ransomware and cyber attacks that you neglect the normal course of business – everything that you need to do to better serve customers/clients and grow your business. This is why you should explore the option of a service provider to manage your in house IT and handle day to day IT service management for your company.
But consider this.
In the first item above we addressed the need for real time data backups and using the cloud. While this will help mitigate the risk of all that can come from a cyber attack, don’t let this lull you into a false sense of security. Beginning November 1, 2018, an update to Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) was released. From this date on, businesses are required to alert the Privacy Commissioner and Canadians if their personal information is compromised as a result of a data security breach, or face an up to $100,000 fine. So even though having backups in place to take the power away from cybercriminals preying on click-happy staff, you could end up paying much more from either a fine or public relations that comes after consumer data is compromised.
Bring in IT support to help you institute a security protocol. If you have questions contact Expert IT solutions here or chat with online when it’s convenient for you.