If it seems like the cycle of Ransomware attacks has escalated again, you’re right!
You have probably heard us talk continually about the need to be vigilant in your defense and prepared for these aggressive and pervasive attacks on your business. In these first few weeks of 2019, we’ve seen an unusually high volume of phishing emails attempting to trick you and your staff into allowing the bad guys to invade your systems and data. Here are some of the policies, products and plans you need to protect your assets.
Don’t click links and attachments in email until you confirm the sender, the content and the purpose for the communication. Vet every email as though it was a package on your doorstep: Are you expecting this delivery? Do you recognize the sender? Is the format the size and shape you thought it would be for the contents you expected? Train your users and yourself to hover over links and double-check the web address to which it will take you. Educate staff that simply reading the name in the sender line is not always trustworthy. Check the email address itself carefully to confirm its origin. Let your key employees know that you will never initiate important business tasks, like moving money or sending confidential files, without a verbal confirmation to accompany it. Education and policy are your first line of defense and prevention!
No anti-virus or anti-malware is 100% effective, but just like a vaccination, up-to-date and properly configured products and patches can only strengthen your defense posture and mitigate the effects of an infection. Allow your anti-virus software to update as often as it needs (don’t cancel that update in the middle of surfing the web). Pay attention to those warning boxes. Take a screen shot and check with your IT professional when you think something fishy has occurred. Be patient and consistent in your defense protocol; better safe than sorry has never been more appropriate than in today’s data climate.
Sadly, even with the best of systems, ransomware attacks, and even infections, are inevitable. No business, small or enterprise, is spared as attacks become more sophisticated and coordinated. Therefore, having a safety net via a robust backup/disaster recovery strategy is imperative. Your ability to neutralize these data hostage takers depends entirely on your ability to jettison “the hostage”. If you have good copies of your data to restore on your own – you don’t need to pay the bad guys to get your data back. The time to evaluate your backup and disaster recovery plans is BEFORE you experience an attack!
Spend a few moments today, battening down the hatches in your organization. Protect yourself and your team, and let us know how we can help!
If the worst-case scenario becomes your reality – call us as soon as possible so we can help you recover quickly and get back to business!
For more information on phishing attacks, check out our webinar recording: Phishing…is this legit?