A Kidnapping Survival Guide: How to Combat Digital Ransomware (Part 1)
Kidnappers can easily take your digital information using one of the most dreaded types of malware: ransomware. Cyber-criminals are relying more and more on these malicious programs to block our computers. Now, they are asking for larger amounts of money if you want them to “give back” access to your hard-drive.
The losses that a business can incur from an attack of this kind are enormous, which is why it is essential to be knowledgeable about the basic precautions that should be taken if you are in this type of situation. First to prevent these types of attacks; and then to fight them.
We have prepared a summarized guide with the essential things that you need to be aware of. Here they are:
- Do not forget the basics. Ignore any of the “simple” measures, which can be fatal for your company’s security. For example, if you allow your company’s employees to open email attachments containing executable files (like a PDF or Word document with a clickable tracking number for a delivery), then you are opening the door for cyber-attacks.
- Remember that “human factor”. People are your business’ weakest links when it comes to security, since it is usually much easier to trick them then to trick a machine. It is essential that you give your team the right skills (for example, teach them how to recognize a supplanter or a suspicious email). Your employees can be your company’s best shield against ransomware, or they can be the black hole your organization falls into.
- Perform an inventory of all of your company’s hardware and software. If something leads us to grow suspicious of a potential attack, it is important to know what “it” is and where we can find “it”. How fast you are able to respond to an incident will largely depend on how long it takes you to locate the affected computers and systems.
- Compartmentilize your company’s network, or in other words, divide your company’s network into areas with different access profiles. Apply internal rules to define the type of communication that can be exchanged between these groups and the privileges they have during certain events, in order to prevent greater problems.
- The safety of our corporate network isn’t the only thing we need to worry about. Every computer (computers, tablets, mobile…) used by employees in the organization must be protected because they are both an entry point and a first line of defense against any type of infection. For instance, when a laptop connects from an external network not belonging to the company, the risk for infection is multiplied. We must prepare ourselves.
- Buy a good security solution for your company. If you are constantly updating your database, then an anti-virus will more likely and more rapidly be able to detect all kind of threats, even some of the newest ones.