Ransomware is a popular method of digital attack as it is so incredibly simple to implement. It can be introduced through the time honoured weak link in the IT security chain – the end user.
More sophisticated ransomware software will make use of security holes in routers and network applications to force its way into the target system but by far and away the easiest method of entry is to trick a user into clicking on an unsafe link in a spam email. And sadly, that’s what makes you and your business a target. You have a bank account. You have data that is valuable to your business and your employees can be tricked into installing the software.
You’re a target for ransomware if:
- You run old systems or don’t update security patches as soon as they are released.
Once a bug is found and documented it’s only a matter of time before a hacker will exploit it – but if you apply patches promptly you’ll minimise the time you’re vulnerable to cyber criminals.
- You don’t use quality antivirus software or let it expire.
Most antivirus software will protect against unauthorised programs or at least alert you to the fact you’ve started an installation. But they’re only as good as their databases at spotting dangerous activity so keep your system up to date. Updates are designed for a reason – don’t put off installation!
- You haven’t strengthened those weak links.
Teach your staff to never open email attachments or click on links they aren’t 100% sure about. You can always ask your IT support if you’re not sure if an email is legitimate and no one minds a phone call to check that an unsolicited file really was meant to land in your inbox. (It might mean the sender has a problem they weren’t aware of and will be glad to hear about)
- You don’t keep regular backups.
Ransomware works on the basis of denying you access to your files. If you have backups of those files elsewhere they don’t have a hostage. Keep backups in another location and you’re safe.
If you do find yourself the target of a ransomware demand the first thing to remember is don’t panic. And don’t pay! Disconnect from the network and contact your IT support team who will be able to reinstall your system (assuming you are now keeping backups!) and neutralise the threat.