April 11, 2017

Recently, I attended a Cybersecurity Town Hall where the subject of ransomware was discussed. It was a great conversation that covered the various ways you can prevent or circumvent ransomware. Of course, backups were one of the most mentioned methods to recover from a ransomware attack. Using endpoint protection helps keep ransomware off the devices to avoid having to recover. But probably one of the best approaches I heard to dealing with ransomware was the employees themselves.

Yes, your best defense happens when employees prevent the introduction of ransomware or malware by not letting it into the network to start with. That all starts with a good security awareness program. When you teach your employees not to download certain types of attachments or click on potentially malicious links, then those bad actors won’t invade your network.

Security awareness can start with just a simple, easy-to-understand e-mail to all your employees, explaining what to watch for and how to avoid falling for the traps. You know the drill. Don’t ever download and open .zip or .exe files, or enable macros on downloaded spreadsheets. Those and other attachments can be harmful and bring in the bad actors. If an employee does open a file by accident, an immediate scan of the device is in order to make sure the malicious software is contained.

In the case of links, hover over the link to see where it might go. If you do click on a link that asks for a password, don’t ever enter it until you have thoroughly vetted the situation. If it’s from PayPal or a financial site, is there any reason you might have an e-mail sent to you asking you to enter credentials? If anything, log on to the site directly to see if the message is in the site’s message center.

When your employees are forwarding e-mails to your Information Security department, count that as a victory that you’ve succeeded in creating awareness. Answer every e-mail and give them the confidence that they are doing the right thing. Yes, it can get a little tiresome at times, but remember that they are your first line of defense. So take the time to respond.

When your employees have your security back, you know your job will be a little easier.

