Preparation Is the Best Defense: 5 Internal Training Tips for Fighting Ransomware

APRIL 20TH, 2020
It’s no surprise that ransomware attacks are on the rise. In fact, Malwarebytes reports that its users saw a 363% year-over-year increase in ransomware attacks between the end of Q2 2018 and Q2 2019. Along with the increase in the number of attacks, the average ransom jumped to more than $190K in December 2019. Cybercrime Magazine also claims that organizations will fall victim to a ransomware attack every 11 seconds by the end of 2021. And, as we explored in our piece on ransomware trends, attacks are also becoming more sophisticated and more targeted. These days, nobody is safe. But vigilance is your remedy. Here are several proactive ways you can curb ransomware through internal training.

Host Training Sessions

Most ransomware enters the network via phishing attacks. In the past, these attacks were easy to spot. But attacks are becoming more sophisticated, and scammers are no longer casting wide nets. Your users must understand that ransomware attacks may appear to come from someone they work with. Sender addresses may look almost identical to your corporate domain, and emails may appear to carry legitimate requests from co-workers. You must teach your team exactly how these scams work and show them examples so they can see for themselves how convincing an attack can look. Prepare some training materials and schedule a formal meeting to teach users about ransomware and phishing, and their role in prevention.
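The "almost identical" sender domains mentioned above are something a mail gateway or SIEM rule can flag before a user ever has to judge them. The following is an added example, not code from the original article or from StorageCraft: it classifies a `From:` header as internal, look-alike, or external by folding common homoglyph substitutions and measuring edit distance against the corporate domain. `CORPORATE_DOMAIN`, the homoglyph table, the edit threshold, and the sample headers are all constructed assumptions for illustration.

```python
"""Flag sender addresses whose domain merely resembles the corporate domain.

Added example, not code from the original article. CORPORATE_DOMAIN and the
sample headers below are constructed placeholders.
"""
import unicodedata
from email.utils import parseaddr

CORPORATE_DOMAIN = "example-corp.com"  # assumed placeholder, not a real tenant

# Character substitutions that commonly make one domain look like another.
# Folding both strings through this table lets "examp1e" match "example".
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}

# Domains within this many edits of the corporate domain are treated as look-alikes.
MAX_EDITS = 2


def normalize_domain(domain: str) -> str:
    """Lower-case, strip accents (e.g. 'é' -> 'e') and fold homoglyphs."""
    folded = unicodedata.normalize("NFKD", domain.lower())
    folded = "".join(ch for ch in folded if not unicodedata.combining(ch))
    for lookalike, plain in HOMOGLYPHS.items():
        folded = folded.replace(lookalike, plain)
    return folded


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_sender(header_value: str, corporate_domain: str = CORPORATE_DOMAIN) -> str:
    """Return 'internal', 'lookalike', 'external' or 'malformed' for a From: header value."""
    _, addr = parseaddr(header_value)
    if "@" not in addr:
        return "malformed"
    domain = addr.rsplit("@", 1)[1].lower()
    # An exact match, or a subdomain of the corporate domain, is genuinely internal.
    if domain == corporate_domain or domain.endswith("." + corporate_domain):
        return "internal"
    # Anything that becomes the corporate domain after folding, or sits within a
    # couple of edits of it, is the look-alike pattern the training should cover.
    if edit_distance(normalize_domain(domain), normalize_domain(corporate_domain)) <= MAX_EDITS:
        return "lookalike"
    return "external"


# Constructed sample headers for a stand-alone run.
SAMPLE_HEADERS = [
    "Jane Doe <jane@example-corp.com>",
    "Jane Doe <jane@mail.example-corp.com>",
    "Jane Doe <jane@examp1e-corp.com>",
    "Jane Doe <jane@exarnple-corp.com>",
    "Jane Doe <jane@example-corp.co>",
    "Jane Doe <jane@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(f"{classify_sender(header):<10} {header}")
```

The threshold of two edits is deliberately loose; in practice the "lookalike" verdict is a reason to add a banner or route the message to quarantine for review, not to drop it outright, since legitimate partner domains can also sit close to yours.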

Message More, Email Less

While ransomware is typically the result of phishing attacks, other phishing emails contain devious works of social engineering. Shark Tank host and millionaire investor Barbara Corcoran recently fell victim to one such attack when a scammer emailed Corcoran’s bookkeeper from an address that looked like that of Corcoran’s assistant. The email requested payment for a renovation that cost nearly $400K. The bookkeeper initiated the transfer, but luckily Corcoran was able to stop the payment in time. A surprisingly simple way to prevent successful phishing emails is to rely less on email for internal communications. Many businesses instead share their work and collaborate through productivity apps like Slack or Microsoft Teams. When peer-to-peer messages are hosted inside a secure platform, it’s much more difficult for scammers to succeed.

Test Users With Fake Phishing Attacks

Teaching users is one thing. Testing them is another. Since ransomware often comes through email, consider using a tool that allows you to send fake phishing emails to your users. This is a great way to find out who’s being vigilant and who might need some extra help spotting ransomware. PhishingBox and KnowBe4 are two popular options. Many of these tools also allow you to conduct other kinds of security-focused tests so users can be prepared for many kinds of threats.

Teach Users About Spam Filters

Spam filters from vendors like Barracuda are a great way to make sure ransomware emails never make it into user inboxes at all. With quarantine features, it’s easy for users to review sketchy emails without worrying about clicking on something they shouldn’t. If you haven’t implemented one already, put a spam filter in place and make sure users understand how to use it effectively.

Teach Decision Makers About Effective Backup and DR Plans

Decision makers in your organization must understand the ransomware threat. It’s up to you to show them what it takes to keep your business safe should education and proactive measures fail. Make sure they know that backups can save the day if a user mistakenly invites ransomware into your network. Restoring a recent backup is the best way to get data back without paying cyber-scammers. Be sure your plan includes concrete goals: a recovery time objective (RTO) ensures that if you do get hit by a ransomware attack, you can restore your data before downtime is too much to take. Meanwhile, a recovery point objective (RPO) ensures that you’re never losing more data than you can tolerate. When considering retention policies for backups, make sure you have backups going back at least a few days. You’re out of luck if you try to restore a backup of a machine that was created after ransomware locked it down. Also, be sure you store backups both locally and offsite (at a co-location facility, in the cloud, or both). This ensures that if ransomware locks down your local network, your backups aren’t locked down as well.
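The RTO, RPO and retention points above interact in a way that is easiest to see with numbers. The following is an added example, not code from the original article or from StorageCraft: it holds a constructed catalogue of nightly backups with local and offsite copies, chooses the newest retained backup taken before the compromise (later backups are assumed to already contain encrypted data), and reports whether the resulting data loss and downtime fit the stated RPO and RTO. The catalogue, timestamps, targets and `Backup` type are all constructed assumptions; the three scenarios show a quick detection, a long undetected dwell that outlives a short retention window, and the same dwell with a week of retention.

```python
"""Pick a clean restore point and check it against RPO, RTO and retention.

Added example, not code from the original article. The backup catalogue,
timestamps and targets below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List


@dataclass(frozen=True)
class Backup:
    taken_at: datetime
    location: str  # "local" or "offsite"


# Constructed catalogue: one nightly backup at 02:00 for a week, each copied offsite.
FIRST_NIGHT = datetime(2020, 4, 13, 2, 0)
CATALOGUE: List[Backup] = [
    Backup(FIRST_NIGHT + timedelta(days=day), site)
    for day in range(7)
    for site in ("local", "offsite")
]


def retained(catalogue, now, retention, locations):
    """Backups still held under the retention window at time `now`, at the given sites."""
    cutoff = now - retention
    return [b for b in catalogue if b.taken_at >= cutoff and b.location in locations]


def select_restore_point(catalogue, compromise_time, now, retention, locations):
    """Newest retained backup taken before the compromise; anything later is
    assumed to contain encrypted files and is useless for recovery."""
    clean = [b for b in retained(catalogue, now, retention, locations)
             if b.taken_at < compromise_time]
    return max(clean, key=lambda b: b.taken_at, default=None)


def evaluate_plan(catalogue, compromise_time, detection_time, restore_duration,
                  rpo, rto, retention, locations=("offsite",)):
    """Check whether the plan meets its RPO (data loss) and RTO (downtime) targets.

    Only offsite copies are considered by default, on the assumption that the
    local network is locked down along with the data.
    """
    rp = select_restore_point(catalogue, compromise_time, detection_time, retention, locations)
    if rp is None:
        return {"restore_point": None, "data_loss_hours": None,
                "downtime_hours": None, "rpo_met": False, "rto_met": False}
    data_loss = compromise_time - rp.taken_at
    # Downtime runs from when the data became unavailable until the restore finishes;
    # a long undetected dwell counts against the RTO just as a slow restore does.
    downtime = (detection_time - compromise_time) + restore_duration
    return {"restore_point": rp.taken_at.isoformat(),
            "data_loss_hours": data_loss / timedelta(hours=1),
            "downtime_hours": downtime / timedelta(hours=1),
            "rpo_met": data_loss <= rpo,
            "rto_met": downtime <= rto}


def scenario_results():
    """Three constructed incidents evaluated against the same catalogue."""
    detected = datetime(2020, 4, 19, 9, 0)
    common = dict(detection_time=detected, restore_duration=timedelta(hours=4),
                  rpo=timedelta(hours=24), rto=timedelta(hours=24), locations=("offsite",))
    return {
        # Caught within a day; three days of retention is enough.
        "quick_detection": evaluate_plan(
            CATALOGUE, datetime(2020, 4, 18, 14, 0), retention=timedelta(days=3), **common),
        # Sat undetected for four days; three days of retention leaves no clean copy.
        "long_dwell_short_retention": evaluate_plan(
            CATALOGUE, datetime(2020, 4, 15, 14, 0), retention=timedelta(days=3), **common),
        # Same dwell with a week of retention: data is recoverable, RTO still missed.
        "long_dwell_week_retention": evaluate_plan(
            CATALOGUE, datetime(2020, 4, 15, 14, 0), retention=timedelta(days=7), **common),
    }


if __name__ == "__main__":
    for name, result in scenario_results().items():
        print(name, result)
```

The second scenario is the "out of luck" case from the paragraph: every backup still on hand was taken after the ransomware arrived. The third shows that lengthening retention fixes the RPO but not the RTO, which is dominated by how long the infection went unnoticed; that is the argument for pairing the backup plan with the detection and training measures above.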

Act Now

Ransomware is a threat to any business. If you couldn’t access your data, what would you do? Lose it? Pay the ransom and hope you’ll get it back? Instead of worrying, take proactive steps that focus on prevention, then use a carefully implemented backup and disaster recovery (DR) plan as a safeguard, should your precautions fail. If you’re looking for a bullet-proof approach to business continuity that even ransomware can’t touch, consider StorageCraft’s line of backup and DR products and services to give you the protection you need.
