Ransomware is a devastating type of malware attack that can lock your users’ files until a ransom is paid to a cyber criminal to unlock them. Ransomware is considered a data breach since the attacker can also steal your private data, completely undetected. Ransomware is a sophisticated type of cyber attack where an unknowing end user clicks on a file that executes code to encrypt the user’s data. The data encryption can extend beyond the user’s local computer across the entire corporate network over Remote Procedure Call (RPC), including file backups and remote backup systems.
Annual ransomware-induced costs are projected to be over 20 billion in 2021. This figure does not include recovery and downtime costs. Corporations of all sizes, including public schools, hospitals and local municipalities, are being targeted. Everyone, including small businesses, is a ransomware target. It’s not a matter of “if” but “when” you will be targeted.
Ransomware cyber criminals have no mercy. They don’t see you as a person or individual with a family that you are trying to provide for or patients whose lives you are trying to save. Cyber criminals have no remorse. They look at an attack against you as a game of chess, like cloak and dagger. They can take your data, encrypt all of your files, charge you a ransom or get you to infect two other people with their ransomware. These guys are ruthless.
Every organization, no matter what the size, should have a comprehensive Cyber Security Awareness Program. To avoid being a victim, this program should include the following components at a minimum.
Cyber Security Awareness Program:
- Humans are your first and last defense against the most crafty cyber criminal and the best of technology. Teach your employees how to spot a cyber threat or phishing attempt through an online training program from Ingenium and KnowBe4.
- Use Antivirus Software. Antivirus software should be used on every computing device in your company that can connect to your network (laptops, desktops, iPads, Android phones, servers, PACS, etc.). There are a number of great antivirus companies out there. We like Trend Micro, Sophos and Symantec.
- Use a Firewall. Everyone thinks they have a good firewall, but the truth is, unless you paid good money for it, it’s gonna get hacked. Your firewall should inspect all traffic and allow only the specific ports that are in use to be open. The most common ports to have open are 80, 443 and 25.
- Scan all email for Malware. Scanning your email before it makes it into your employees’ inboxes is a great way to keep malicious threats out of your organization. We recommend a subscription from ZixCorp to help combat these threats automatically; it also provides email encryption.
- Use Endpoint Protection. Do you have servers on your corporate network that are connected to the internet? You need to have endpoint protection running on them. Endpoint protection is an added layer of security that helps protect your server and prevent intruders from hacking into your system. There are many providers in this space that charge a nominal fee for monthly protection.
- KnowBe4’s platform integrates all functions in one easy-to-use GUI. Kick off training campaigns and simulated attacks to your users in minutes. You can completely customize your own templates, landing pages and simulated attachments, and spoof your own domain for simulated CEO Fraud attacks with reply tracking.