By Robert Graf, CEO and General Manager of ProLion GmbH
Edited by Dr. Terry Kibiloski
Robert Graf, CEO and General Manager of ProLion GmbH, a developer of ransomware protection and data integrity software solutions, has outlined five actions a company needs to take to reduce the risk of ransomware attacks. According to analysis from NCC Group’s Research Intelligence and Fusion Team (RIFT), ransomware is up by over 200% in the first half of 2021. ProLion has therefore issued these five top tips for employers wanting to secure their organizations against ransomware attacks that result directly from insider threats or plain negligence.
According to Graf, “Ransomware is a type of malware where key files are encrypted by hackers that then renders data inaccessible to the victim. To put it bluntly, it is criminal extortion which sees hackers promising to restore systems and data when ransom is paid by the victim.” He continued, “But with many employees still working remotely, many organizations are struggling with breaches as a direct result of poor security management. This can and does open the door to an insider threat – either through negligence or malicious intent.” ProLion’s Five Point Plan for HR and risk and compliance teams will, according to Graf, lead to reduced risk of attack if implemented throughout a distributed enterprise.
- Don’t store proprietary data on personal laptops. This makes any remote worker a highly attractive target in the first place. This risk has increased dramatically because of people working from home as a result of the pandemic. And while efforts have been made with the roll-out of new security levels, if your employee still stores data on their hard drive, not a lot will stop the hackers. While this is plain negligence, businesses must also recognize the issue of insider threats.
- Be sensible with digital profiles. Employers must take a stronger line on employees who continually post where they work and what they do. Guidance needs to be issued to all employees on what can and cannot be posted on social media in relation to their jobs. No one is suggesting that employees leave social media platforms altogether, just that they be more circumspect about what information is posted.
- Demand passwords that are as tough as possible and not the same one across all employee accounts. It should also be stressed to employees that when they are prompted for a change in a password, they do just that – change it and not just reuse the old one.
- Prevent browsing, which can cause malware infection. There are plenty of security tools out there that block access to certain sites if you are working on a company laptop. But if an employee is using their own laptop, you may have less control. The message for employers and employees alike is to get educated on the very real possibility that you could end up with a malware infection as a direct result of visiting a dodgy site.
- Don’t engage in online conversations with people you do not know. We all know the risks associated with catfishing. Your personal data or your employer’s data is a highly attractive target for many.
Graf concluded by saying, “Today’s distributed business and IT environment, when seen in conjunction with the inter-connectivity of digital commerce, means an expanded attack surface for bad faith actors. Like the bank robbers of old, cybercriminals go where the money is accessible, and the easier it is the easier for them to reap benefits from extortion. It only takes one click by an employee to infect an entire network, spreading from a local computer to Network Attached Storage.” According to Graf, it is time for business leaders, risk and compliance experts, IT departments and HR to work in tandem to reduce ransomware exposure.
Robert Graf is CEO and General Manager of ProLion GmbH, which is a developer of ransomware protection and data integrity software solutions for any ONTAP focused storage environment and high-availability solutions for SAP and MetroCluster environments. Founded in Austria, ProLion’s best-of-breed CryptoSpike solution reduces system downtime and data loss to help ensure that an organization’s data remains secure, compliant, manageable, and accessible. For more information, go to https://www.prolion.com