Cybercrime: You and I face the threat every time we connect to the internet. And one of the most disruptive and widespread forms is ransomware. In a ransomware situation, the criminal has “kidnapped” the victim’s data and demands payment. This kidnapping could take the form of a “lock-down,” an “encryption,” or a “doxxing” situation.
In a lock-down, the system itself has been completely “locked.” Logins are no longer successful… no one can get back into the system at all without the specific instructions from the cybercriminal.
If encryption is involved, then it may be that initial access to the system has not been disturbed. However, files containing valuable or critical information have been “encrypted” and cannot be opened again without obtaining a matching decryption key.
A third approach would be a threat of “doxxing.” In this situation, confidential information has been obtained from your system and the perpetrator is threatening to publish it elsewhere on the internet.
In all three of these scenarios the criminal demands that a ransom be paid. And because you are dealing with a criminal, you have no guarantee that paying the ransom will solve the problem. There have been occasions where, after payment, system access or data was not restored, or the information was still published.
So how do you protect yourself from ransomware? Here are five steps to take:
- Educate your employees – roughly 70 percent of breaches come through employee mistakes, such as clicking on a phishing email. Provide training to make them aware of the danger.
- Keep your software updated – patches and new versions of software frequently include changes designed to block security weaknesses. Without them, you are more vulnerable to attack.
- Make regular back-ups, and keep those back-ups separate from the system – in the event of a successful ransomware attack, this is critical to recovery and to avoiding the need to pay a ransom.
- Monitor the gateways to your system for unusual traffic – you have a better chance of detecting and stopping an attack before it shuts you down.
- Appoint a Chief Information Security Officer (CISO) – your business needs someone focused on securing it from unauthorized access and protecting it from direct cyber attacks.