Part 4 of 4: How to Protect & Recover from a Ransomware Attack
In our previous three blogs, we covered 5 Steps for an Effective Information Security Program, Best Practices to Protect your Data, and Employing Effective Backup Strategies to Protect your Data. The final blog in our series about How to Protect and Recover from a Ransomware Attack covers Employee Awareness Training, which addresses the weakest link in your IT security.
Employees are the first line of defense!
Cyber-attacks are rapidly becoming more sophisticated and your employees are the first line of defense for your company. Unfortunately, no amount of hardware or software can be 100% effective when uninformed or unintended human actions are involved.
While there are some quick and simple points to help deliver greater employee awareness, long-term protection from ransomware really requires a comprehensive, ongoing security awareness training solution. Whether you design your own ongoing employee security awareness solution or use Summit's Security Awareness Service, all programs should start with these 4 basic steps:
- Do not open attachments unless they come from a known and trusted source AND are expected. If in doubt, contact the sender to verify the email and attachment are valid and okay to open.
- Do not execute software, period! Don’t launch software that is downloaded from an unknown source on the Internet. Your IT partner or network administrator should handle all software installs.
- Be extremely cautious when clicking on links in emails or social media, even when they come from trusted friends or sources. Hot topics in social media are prime clickbait for scams, as not all links lead to legitimate web pages.
- Encourage your employees to ask your IT partner or network administrator questions. ‘Stop and think’ are two helpful behaviors that help reduce errors, but when an employee isn’t absolutely certain about a link or URL, encourage them to check with a professional before proceeding.
Raising Security Awareness
It is important to provide employees with the tools to defend against attacks that can trick them into actions that leave your organization vulnerable. Raising security awareness turns the natural human responses of your employees from weaknesses that can be exploited by outside hackers into strengths that protect your company systems and data.
- Train Your Employees
  - Ongoing training should include online interactive eLearning, engaging employees with examples of common traps, and scenario-based exercises. Education continues with frequent reminders of security hints and tips.
- Keep Your Employees Alert
  - Simulated phishing attacks should be sent to your staff on an ongoing basis. Employees that fail to recognize the simulations as phishing attacks need to be identified and provided additional awareness training.
- Monitor the Results
  - Understanding how your staff responds to vulnerabilities allows management to improve employee effectiveness at identifying and avoiding security threats.
Summit Security Awareness Program
The Summit Security Awareness Program provides these features as an inexpensive ongoing service and helps prevent IT security lapses from social engineering, spear phishing and ransomware attacks. After baseline phishing testing for all staff, online eLearning tutorials, combined with simulated phishing attacks, help keep everyone alert to new security challenges. All employees also receive regular Hints & Tips and ongoing tutorials to help increase their awareness of social engineering tactics. This helps us avoid falling victim to the sophisticated criminals who work every day to threaten our vital computer systems and identities.