A ransomware attack can lock or encrypt your computers and data, releasing them only once you’ve paid a ransom that will be hard to trace, although paying the ransom won’t guarantee getting your data back.
While there are lots of technical measures you can take to protect your business, you can also strengthen security by educating and training your staff to spot and prevent ransomware attacks.
Criminals are very clever at disguising fake emails so they look like they’ve come from trusted contacts or organisations. An email invoice that looks like it’s from one of your established suppliers could contain an attachment that infects your computers when opened. An email that looks like it’s from a bank or government agency could contain a link that takes you to an infected website that will download ransomware on to your systems.
On top of that, the email server of your client or supplier can be hacked and used to send emails containing harmful attachments. Because that server is a source your email system trusts, the messages will be deemed genuine and your antispam filter might not stop them.
Everyone who uses your IT systems needs to be alerted to these dangers and trained in how to respond. It’s not as scary as it sounds and mainly involves introducing common-sense procedures that everyone needs to follow.
These include security best practices such as generating strong passwords and minimising opportunities for criminals to take advantage of insecure user activity. Criminals are always looking for weaknesses and can employ social engineering to manipulate employees into opening a website or clicking an attachment. Introducing best practices and ongoing training reduces the opportunities for them to strike at you.