December 3rd, 2013 by admin
Last week, we wrote about the rise of Cryptolocker and Ransomware viruses, a new breed of malware that infects host computers through malicious email attachments and spreads rapidly through its use of commercial-grade RSA encryption and Bitcoin, a universal, virtual currency. Unfortunately, it looks as if the problem will get worse before it improves, and the security industry does not yet have viable solutions to stop every one of the malware’s many variants from infiltrating networks. As the crooks hire the world’s top programmers to create hundreds of new variations on a daily basis, fighting back may seem like a truly daunting task.
Why "Best Practices" Security Defenses aren't Enough
In spite of the plethora of anti-virus “best practices” defense layers installed in many organizations (including external cloud spam filters, firewall malware filtering, anti-virus systems on servers and workstations, and anti-virus systems on Exchange servers), some Ransomware is still sneaking through. And despite the importance of a comprehensive backup and disaster recovery program to help your organization recover from a cyber attack, backup is not a virus-preventative solution.
While these “best practices” security systems are extremely important, we must rely on another, more reliable solution to protect ourselves.
Awareness Education is the Key to Ransomware Prevention
Awareness Education is the only foolproof method of preventing a Ransomware attack, and should be of critical importance in every business. All employees should know how to be sure their anti-virus defenses are updated and running properly, how to identify a malicious email, and how to respond to a problem if they sense anything fishy.
Ransomware is only harmful if the end user opens the infected email attachment, thereby allowing the virus full access to the computer’s files. It is therefore completely preventable, but only with the proper awareness.
Ideas for implementing effective Awareness Education in your business:
- Schedule a company-wide mandatory meeting to discuss the latest security threats, awareness methods and skills, and what to do if someone is attacked. It may be beneficial to bring in a security expert or trusted IT consultant to lead this discussion. To make this meeting a bit more exciting, have it catered and hold contests (who can spot the phishing email?) for small prizes.
- Post security awareness tips in easy-to-see spots throughout the office – in the kitchen above the coffee maker, in the bathroom by the sink, or taped to the inside of each stall door (yes, this sounds a little weird but hey, it gets the job done!). Put them anywhere people are sure to see them. Update the tips regularly to keep your employees engaged.
- Hold a “Security Awareness Quiz” where employees answer questions about basic awareness education. This can include picking the malicious email out of a seemingly safe inbox and what steps should be taken to properly remove and/or report it. The winner receives a small prize. Make it fun!
These are just a few ideas for beginning a Security Awareness Education program in your organization. The most important thing is that you start something, and stick to it. Don’t become a victim of Cryptolocker and Ransomware – get educated today!
As always, consult your trusted IT Support team for more information and ideas about beginning a Security Awareness Program.
Don't be a victim!