How to Prevent Ransomware Attacks & Phishing Scams
When it comes to cybersecurity, the last year has been a challenge in the business space.
As employees head back to the office for the first time since the start of the COVID-19 pandemic, it’s a great time to refresh protocols to prevent ransomware attacks and phishing scams.
Cyberattacks Are on the Rise – Are You Prepared?
Cyberattacks are on the rise across the country, with many ransomware and phishing attempts aimed at small businesses, schools, and city governments. Recently, the Colonial Pipeline was shut down for a week because of a ransomware attack – a type of attack that is increasingly common.
Department of Homeland Security Secretary Alejandro Mayorkas noted that “Small businesses comprise approximately one-half to three-quarters of the victims of ransomware.”
But it doesn’t stop at ransomware; phishing scams are becoming increasingly sophisticated and effective. Phishing emails are made to look like they were sent from your boss, prospective clients, and government agencies – just to name a few.
Even worse: if an email account has been compromised, messages sent from it will look completely legitimate, making them almost impossible to identify as malicious.
The best defense against these cyberattacks is employee education and a multi-level backup strategy. Here are a few tips to keep your employees – and your company – safe.
Hacking related to email continues to be the bane of business operations. Phishing attacks have been increasing in the last month. To help mitigate phishing email attacks:
- Do not open attachments from anyone that you are not a party to. If you’re not sure, you can always pick up the phone and call that person to help validate the email.
- Do not click on links in emails from anyone that you are not a party to.
- In general, be extremely careful with attachments and links even from people you know, as you never know whether their account has been hacked and is sending out malicious emails.
- Find out how KnowBe4 can help train your employees to do all of the above.
- If you accidentally click on a link that you believe is malicious, immediately turn off your computer and call us.
2. Wire Fraud
Hackers continue to target companies through wire fraud. They are either hacking into client mail accounts or using spoofed email accounts to request wire transfers. Typically, once the attack has occurred, you have several hours/days to hopefully recoup the incorrectly transferred funds. To combat these exploits, you should:
- Create internal processes where wire transfers should only go through your accounting team.
- Do not rely on an email or text to confirm the actual wiring of the funds.
- Implement a process that requires a phone call or a face-to-face meeting between the requesting party and your accounting team before any funds are released.
3. Web Surfing
If possible, limit your web surfing on company devices to work-related sites only, specifically ones you know are safe. Over the last several weeks, many “reliable” websites have been hacked and now contain links that point to malware, viruses, etc.
4. Remote Access
Many employees are using a personal device at home that isn’t managed by the company. Accessing office resources from such a device carries risks that can compromise even the systems in the office. To help mitigate those risks:
- If you are remoting into a desktop in the office, make sure to log off of it when you aren’t working.
- If your office has webmail, limit access to that page from your personal device. If you can use Outlook or another mail client, use that instead.
- VPN: do not use a VPN on a device that was not deployed by the company. We can provide you with remote access to a desktop in the office by a safer method.
Below is a screenshot of scareware. It is designed to scare you into thinking there is a problem with your computer. When it appears, the hackers provide a phone number for you to call. From there, someone posing as a tech support agent picks up the phone and asks for access to your computer. If allowed, they will remote into your computer and tell you that your system has been infected. The reality is that there typically isn’t a problem and a reboot makes it all go away.
If you ever experience this, do not enter any information or call anyone other than your trusted IT team.
How to Get Started
Your best defense against ransomware and phishing scams is a combination of training your employees to recognize threats and backing up your business with a multi-level system.
At GO Technology, we have decades of experience helping companies maintain secure, safe IT operations. Contact us to learn more about preventing ransomware attacks and phishing scams.