Do you know the signs, exploits, or attacks that could bring down your organization’s systems?
Most IT professionals feel confident in being able to recognize an attack, but your users may not know all the signs – or the ways to avoid them!
So here are a few common sense tips for you – and your users! – to get ready for ransomware.
For your users
There are a few common ways cyber attackers try to hack not just systems, but people! Beware of these tactics that try to trick you into agreeing to infect your computer.
Learn to identify a suspicious email
So what exactly is a suspicious email? It is more than just spammy junk mail, or the obvious scams.
There are a few typical forms:
- The email will pose as a site or app that you use – e.g. Dropbox, your HR department
- It might appear to come from a coworker. Or a vendor. Or a boss. But something seems off about it.
- It might pose as the IT Help Desk, asking you to update your email password.
No matter how the email arrives, there are a few ways you can deal with it:
- Contact the person or department who sent you the email – but don’t “reply to” their email address. Instead, use a secondary form of communication to contact them. Text them, phone them, send them a tweet – but verify that they actually sent the email.
- If the boss asks for a big money transfer and you can’t (or don’t feel comfortable) getting in touch with them, check with other VPs to be sure.
- If there is a link to a website with an account portal for logging in, don’t just trust that it looks like a portal you’ve used before. Check the URL address to see if there is https or http. If it is http, you are in trouble. The biggest signifier of a “look-alike” site is that it won’t be secured (you won’t see the “s”) – it is much harder to fake a website if you have to secure it.
- See a Microsoft Word attachment? Don’t open it until you know where it’s from. Hackers can put scripts into Word documents that will execute programs and open your computer to attacks.
We all know how annoying pop ups are. But that is not the only way you will see cyber attackers use online marketing tools for their own ends. From 2015 to 2016, the number of malvertising ads doubled.
Malvertising applies not just to banner ads or pop ups – it is appearing more and more in SEO results, such as paid ads on Google, using your own search results against you.
Regardless of which way malvertising shows up, there are a number of steps you can take to prevent it from tricking you:
- Use an ad blocker.
- Make sure you are using antivirus software – even if you are on a Mac!
- Keep your plugins or extensions in your browser updated. They are easy, weak spots that hackers will exploit, but if you have the latest version, you are likely to be protected against most of the already known weaknesses.
- This goes ditto for your browser – keep it up to date!
And the last – but most important – thing you can do to stay on top of ransomware is listen to your IT team! They have your back, and they want to keep everyone safe.
So now that the front line is ready and aware of the kinds of attacks out there, it’s time to check on things from the IT side.
It’s your job to cover your bases – and plan for the worst. So where do you start? Take a look through this list to make sure you have thought of everything.
Are you confident in your ransomware recoverability?
This may seem like an obvious question but many people think backup software protects from ransomware, and sadly it doesn’t. Ransomware can infect your backups as well as your main systems.
Are your backups in an immutable format that cannot be accessed or altered by ransomware?
One way to be sure ransomware can’t get in is with immutable snapshots. If your data management or backup system can’t create these, you may find yourself with a big price tag to pay.
You might even have immutable files, but if the whole disk is encrypted under that, it won’t help. What you need is immutability where the backups are stored in a format only accessible by the recovery mechanism, not by the normal disk techniques that ransomware uses.
Do you keep some backups offline?
If you know you have proven, clean, recoverable backups, store some offline so they won’t get infected.
Do you have a disaster recovery plan that includes attacks from ransomware?
Natural disasters aren’t the only threat that can wipe out an entire data center. When ransomware hits, it’s pay big or lose big – and in some case, even if you do pay, you still won’t be able to recover your data. So what do you do?
Make sure your data is safe, replicated, immutable, and with even some regular backups stored offline, at another site, or on another network.
Once you are trying to recover, you need make sure your backups have been tested and are recoverable. Mishandling a recovery can lead to corrupted data, which may be just as bad as the encryption from the ransomware.
So make sure you are using the right software to keep your data safe.
Educate your users
And be sure to keep sending those friendly reminders to your users. Bribe them with doughnuts to attend your ransomware training.
They are the first line of defense (or weakness) against a ransomware attack, and they are your best bet to stay safe (or get infected), so keep them on side.
Last but not least – updates!
Make sure your OSs are fully up to date with the latest security updates – neither WannaCry nor NotPetya could have spread if companies’ Windows Server OS were fully up-to-date.
Most ransomware attacks begin with phishing or other exploits aimed at getting you to take a specific action, such as clicking a particular URL or enabling a certain program. When you and your staff are trained to recognize these attacks, you won’t be so vulnerable.
But even if the training isn’t perfect, you can defend yourself against ransomware! Use the common sense steps above to avoid an attack in the first place.
And if you want to be extra sure you are ready, fill in our more technical questionnaire and find out if you have weaknesses ready to be exploited.