Many think that in order to become infected with ransomware, someone on your network has to download a program. While that is still a way to contract ransomware, there are some other ways that you should know about that require minimal effort on the part of your user. All it takes is the click of a link now to become infected with ransomware that could have you paying thousands of dollars once you’re locked out of your server and data. Here are just a few ways that ransomware hackers can trick your employees into contracting ransomware on their machine that can then infect your network:
- Social engineering.
Many think that because their Facebook account is just for social media fun that they don’t need to choose a secure password. But as a result more and more accounts are being compromised to hackers that are then tagging friends and posting clickbait links. Once the link is clicked - the machine is infected and can inject that malware into the local network, locking down your data and potentially costing you thousands if you’re not prepared with the proper backup or business continuity plan. Employee training and limiting personal use of social media on company machines is critical to avoid this type of infiltration.
- E-mail and Spearphishing.
We’ve all seen phishing e-mails that attempt to get you to click a link or download a program, but these techniques are innovating quickly. By intelligently pulling information and making communications look like they’re from someone you know (spearphishing), many are fooled into clicking the link, which then can infect the entire network. Here’s a blog we wrote on what one particular spearphishing attempt looks like. Again, in this case employee training and understanding what to look for is extremely important. Check addresses carefully and be sure to communicate internally with phones or chat programs any time a suspect e-mail comes through. Once you identify a phishing attempt, let your coworkers and network administrator know so that they can be aware and tighten up security if necessary, as well as block the sender.
- Spoofing wifi.
More and more recently we’ve been our clients to avoid public wifi all together. While it can be convenient on the go to have access to free internet, the risks are great. Hackers are now spoofing wifi by putting up a router in a backpack at Starbucks, naming it “Starbucks Wifi” and then injecting malware into computers that connect to it. Once an employee is infected, they simply have to connect into your internal network to spread that malware and infect your organization.
Ransomware is nothing to mess around with. Diligently train your employees to understand what to look for and how to surf the internet diligently. Engage your IT provider to help you tighten up security controls and implement tools to help prevent malware attacks and infections. Last, but not least, be sure to have a plan in place. Some type of business continuity plan is ideal, but if the budget is not available, you’ll minimally want to make sure that you have working and viable backups at regular intervals to quickly restore in the event of an infection.