Ransomware Pirates Want Your Data!
Ransomware attacks are a sad reality of life these days: they can strike out of the (deep) blue (sea) and affect your personal or your business data. OK, I was stretching it with the 'deep blue sea' bit, but I'm committing to it.
Like all threats that need to be managed, ransomware attacks can also motivate us to take action to improve data security, and therefore privacy. If you still need convincing, despite the scary pirate picture, here are just a few facts and figures:
I could go on, but if you want some scary "fun" check out this article by Norton.
How can we all protect ourselves from ransomware attacks?
I have some tips and best practices I've picked up over my 2 decades of working in #infosec, #privacy, and #dataprotection. I use them to protect me, my family, and my employers, and I'm happy to share them if they help even 1 person.
It isn't just about the trite and meaningless "don't fall for scams" or "stop clicking bad links" soundbites either. Sure, they're important, but 1) if they worked in isolation we'd have eradicated these things a long time ago, and 2) this is life, sometimes stuff happens, so now what? How do I prepare for the worst?
Hopefully this advice can help you prevent ransomware attacks, but also minimize their impact, and recover your data quickly and safely. Below is my standard 5 tip format...
The best way to protect your data (and privacy) from ransomware attacks is to have a secure and updated backup of your data. A backup can help you restore your operations without paying the ransom or losing your data. You should store your backup in a separate device or location that is not connected to your network, and preferably not online. If it is online, such as cloud storage, don't leave it logged in on your PC and use a different (strong) password.
You should also test your backup regularly to make sure it works. This way, you can have peace of mind knowing that your data is safe and accessible.
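The "test your backup regularly" step is the one most people skip, so here is an added example of what that test can look like in practice. This is illustrative code written for this article, not a tool the author uses: it hashes every file in the source folder and in the backup copy and reports anything that would not come back on a restore. The folder layout and sample files are constructed for the demo.

```python
"""Added example (not the author's own tooling): verify that a backup copy
actually matches the data it is supposed to protect.

A backup that silently dropped or corrupted files is the one you find out
about on the day you need it. This builds a SHA-256 manifest of the source,
does the same for the backup, and reports anything that would not restore.
The directories and sample files below are constructed for the demo.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files never need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file under root (POSIX-style relative path) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(source: Path, backup: Path) -> dict[str, list[str]]:
    """Compare backup against source.

    missing: in the source but absent from the backup (would be lost on restore)
    corrupt: present in both but with different contents (bit rot, partial copy)
    extra:   only in the backup (stale files; harmless, but worth knowing about)
    ok:      identical in both
    """
    src, bak = build_manifest(source), build_manifest(backup)
    both = src.keys() & bak.keys()
    return {
        "missing": sorted(src.keys() - bak.keys()),
        "corrupt": sorted(k for k in both if src[k] != bak[k]),
        "extra": sorted(bak.keys() - src.keys()),
        "ok": sorted(k for k in both if src[k] == bak[k]),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: a photo folder whose backup has one corrupted and one missing file."""
    with tempfile.TemporaryDirectory() as tmp:
        source, backup = Path(tmp, "photos"), Path(tmp, "photos_backup")
        (source / "2019").mkdir(parents=True)
        (backup / "2019").mkdir(parents=True)
        originals = {
            "2019/beach.jpg": b"\xff\xd8 beach bytes",
            "2019/family.jpg": b"\xff\xd8 family bytes",
            "notes.txt": b"holiday notes",
        }
        for rel, data in originals.items():
            (source / rel).write_bytes(data)
        # The backup copied beach.jpg correctly, corrupted one byte of family.jpg,
        # and never wrote notes.txt at all.
        (backup / "2019/beach.jpg").write_bytes(originals["2019/beach.jpg"])
        (backup / "2019/family.jpg").write_bytes(b"\xff\xd8 famiLy bytes")
        return verify_backup(source, backup)


if __name__ == "__main__":
    for status, paths in demo().items():
        print(f"{status:8s} {paths}")
```

Point it at your real folders after each backup run and act on anything under "missing" or "corrupt". A clean manifest still isn't a restore test: every so often restore a sample onto a spare machine and open the files, because the manifest proves the bytes are there, not that the backup software can put them back.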
Weak or reused passwords can make it easy for ransomware attackers to access your accounts and devices. You should use strong and unique passwords for each account and device, and change them periodically. You should also enable multifactor authentication (MFA) whenever possible, which adds an extra layer of security by requiring two or more of: something you know (such as a password), something you have (such as a phone), and something you are (such as a fingerprint) to log in.
In your personal life, a good way to create and manage strong passwords is to use a high quality password manager app that can generate and store complex passwords for you. This way, you can have confidence knowing that your accounts and devices are protected. I'm also a believer in having a password book. OK, so shoot me, this is real life and I don't care about textbooks here, only in classrooms.
What's greater, the odds of some Russian hacking group beating my password manager (naming no names) or them coming into my house, breaking into my safe, finding my password book, then manually logging on and stealing the photos?
If you're thinking about a company then have a documented password policy and ensure people follow it. Again, let's talk sensibly and ignore old textbook advice that's no longer fit for purpose. 8 character passwords changing every 30 days, different for every system, belong in museums with the dinosaurs. That approach costs a fortune in service desk resets, is often ignored and worked around anyway, and evidently doesn't work or we'd have no breaches by now. Look up the benefits of passphrases for you and your employees.
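To put numbers behind the passphrase point, here is an added example (not the author's tooling) that compares the entropy of the old 8-character policy with generated passphrases and shows how to generate one with the operating system's cryptographic random source. The word list in the code is a constructed sample; the 7776-word pool used in the comparison is the size of the EFF large wordlist (diceware-style lists), not of that sample.

```python
"""Added example (not the author's tooling): why passphrases beat the museum-piece
8-character policy, in numbers, plus a generator that uses the OS CSPRNG.

Entropy here assumes every symbol or word is chosen uniformly at random, which
is true for generated secrets and false for human-chosen ones. SAMPLE_WORDS is
a constructed list; the 7776-word pool size in the comparison is that of the
EFF large wordlist (diceware-style lists), not of this sample.
"""
import math
import secrets

# Constructed sample list; a real list is thousands of words long.
SAMPLE_WORDS = [
    "anchor", "breeze", "copper", "dune", "ember", "fossil", "glacier", "harbor",
    "ivory", "juniper", "kestrel", "lantern", "marble", "nectar", "orchid", "pebble",
]
DICEWARE_POOL = 7776  # 6**5 words, the size of the EFF large list


def entropy_bits(pool_size: int, length: int) -> float:
    """Bits of entropy for `length` symbols each drawn uniformly from `pool_size` options."""
    return length * math.log2(pool_size)


def generate_passphrase(words: list[str], count: int = 5, sep: str = "-") -> str:
    """Pick `count` words with secrets.choice (CSPRNG), never random.choice."""
    return sep.join(secrets.choice(words) for _ in range(count))


def compare_policies() -> dict[str, float]:
    """Entropy of the legacy policy versus generated passphrases."""
    return {
        "8 chars, letters+digits (pool 62)": entropy_bits(62, 8),
        "8 chars, letters+digits+symbols (pool 94)": entropy_bits(94, 8),
        "4 words, 7776-word list": entropy_bits(DICEWARE_POOL, 4),
        "5 words, 7776-word list": entropy_bits(DICEWARE_POOL, 5),
        "6 words, 7776-word list": entropy_bits(DICEWARE_POOL, 6),
    }


if __name__ == "__main__":
    for policy, bits in compare_policies().items():
        print(f"{bits:6.1f} bits  {policy}")
    print("example passphrase:", generate_passphrase(SAMPLE_WORDS))
```

A fully random 8-character password with symbols comes out around 52 bits; five random words from a 7776-word list give about 65 bits and are far easier to type and remember. Forcing a change every 30 days adds nothing to either figure, which is why the cost of that policy buys so little.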
Outdated or unpatched software and systems can have vulnerabilities that ransomware attackers exploit to infect your devices. You should update your software and systems regularly with the latest security patches and fixes.
You should also use antivirus software and firewalls to protect your devices from malware and malicious traffic. This way, you can be confident that your software and systems are up-to-date and secure.
Have a patch management and virus database update policy.
I know, you're thinking "preaching to the choir Dan!" but I'm shocked at the number of people I know personally, savvy business people, people who do all the right things at work, that leave their precious irreplaceable family memories utterly unprotected. It's heartbreaking when they ask me for help and there's nothing I can do. Painful as that is, it's nothing compared to how they feel when they've lost memories of their wife, parents, children that can't be replaced.
Here it is, that advice that I just said was trite. But just because it's too often used as a stick to humiliate people who've had something awful happen to them - positioning it like it's their own fault - doesn't remove its truth.
Phishing emails are one of the most common ways that ransomware attackers trick you into opening malicious links or attachments that can infect your devices with ransomware. You should be wary of any unsolicited or unexpected emails that ask you to click on a link or open an attachment, especially if they claim to be from a trusted source or offer something too good to be true.
You should also verify the sender's identity and check the URL before clicking on any link. This way, you reduce the chance of falling for a scam. Personally, if an email looks legitimate, one thing I do is search the internet for the company manually and go to its page that way instead of using the link. Is it foolproof? No. Does it help? Yes.
You have to teach your employees not to trust links in email, but you also have to help them to do it. You keep these people busy; I'm sure you wouldn't be happy if everyone spent 10 minutes psychoanalysing every email. One really effective method is to run regular phishing simulations.
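"Check the URL before clicking" is easy to say and hard to do under time pressure, so here is an added example of the checks a mail filter or a careful reader can apply to a link before anyone clicks it. This is illustrative code written for this article, not the author's process. The sample messages are constructed: `.test` is a reserved top-level domain and 203.0.113.x is a documentation address range, so nothing here refers to a real site.

```python
"""Added example (not the author's process): the link checks a mail filter or a
careful reader can run before anyone clicks, written from the defender's side.

The messages below are constructed; .test is a reserved TLD and 203.0.113.x is
a documentation range, so nothing here points at a real site.
"""
from urllib.parse import urlsplit


def registered_domain(host: str) -> str:
    """Last two labels of a hostname. Good enough for .com-style names; country-code
    second-level domains (.co.uk etc.) need a public-suffix list instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_link(anchor_text: str, href: str, sender_domain: str) -> list[str]:
    """Return human-readable reasons to distrust a link; an empty list means none found."""
    reasons = []
    parts = urlsplit(href)
    host = parts.hostname or ""
    labels = host.split(".")

    if parts.scheme not in ("http", "https"):
        reasons.append(f"unexpected scheme {parts.scheme!r}")
    elif parts.scheme == "http":
        reasons.append("plain http link")
    if "@" in parts.netloc:
        # Everything before '@' is ignored by the browser; only the part after it counts.
        reasons.append(f"credentials before the host; the real destination is {host}")
    if len(labels) == 4 and all(label.isdigit() for label in labels):
        reasons.append("bare IP address instead of a hostname")
    if any(ord(c) > 127 for c in host) or any(label.startswith("xn--") for label in labels):
        reasons.append("internationalised hostname that may visually mimic a Latin name")

    # Anchor text that looks like a URL while the href goes somewhere else.
    text = anchor_text.strip().lower()
    if "." in text and " " not in text:
        shown = urlsplit(text if "://" in text else "https://" + text).hostname or text
        if registered_domain(shown) != registered_domain(host):
            reasons.append(f"text shows {shown} but link goes to {host}")

    if sender_domain and registered_domain(host) != registered_domain(sender_domain):
        reasons.append(f"destination {registered_domain(host)} does not match sender domain {sender_domain}")
    return reasons


# Constructed sample messages: (subject, sender domain, anchor text, href)
SAMPLE_MESSAGES = [
    ("Your statement is ready", "example-bank.test", "Sign in",
     "https://www.example-bank.test/login"),
    ("Urgent: verify your account", "example-bank.test", "https://www.example-bank.test/login",
     "https://www.example-bank.test.login-verify.test/auth"),
    ("Invoice attached", "example-bank.test", "View invoice",
     "https://www.example-bank.test@203.0.113.5/inv"),
    ("Security alert", "example-bank.test", "Review activity",
     "https://ex\u0430mple-bank.test/alert"),  # Cyrillic a (U+0430) in place of Latin a
]


def triage(messages=SAMPLE_MESSAGES) -> dict[str, list[str]]:
    """Run check_link over each message and keep only the ones with findings."""
    results = {}
    for subject, sender, text, href in messages:
        findings = check_link(text, href, sender)
        if findings:
            results[subject] = findings
    return results


if __name__ == "__main__":
    for subject, findings in triage().items():
        print(subject)
        for finding in findings:
            print("  -", finding)
```

The genuine statement email passes cleanly; the other three are flagged for a mismatched destination, a hostname hidden behind a fake one, or a lookalike character. None of these checks replaces the habit the article describes (go to the company's site yourself rather than through the link), but they are cheap enough to run on every message so that the busy reader only has to think hard about the ones that light up.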
And let's be clear - it isn't your/their fault if you/they fall for one of these scams, you're busy, the criminals are good, they only have to win once, you have to win every time forever. It was possibly avoidable sure, but it's happened now so learn from it but don't dwell on it. Beating yourself, or your staff, up helps no-one. The only people at fault are the criminals, it's always them, no one else.
Knowledge is power when it comes to data privacy and ransomware prevention. You should stay informed about the latest trends and threats in ransomware and data privacy, and learn how to recognize and avoid them.
You should also share your knowledge with others who may be vulnerable or unaware of the risks, such as your family members, friends, colleagues, or customers. Maybe you save the day sometime, maybe they pass it on and you save someone you don't even know 10 steps down the line, maybe not, but it never hurts.
Data privacy isn't only a right but also a duty and responsibility that requires constant vigilance and action. It's a continual and exhausting barrage of the bad guys trying to wear down our defences and play a numbers game. There's been no mercy, respite, or quarter given in the last quarter of a century or more. That won't change. I can't promise you better news.
Stay up to date, and help anyone you care about do the same.
I hope you enjoyed this article and found it useful and informative. If you did, please share it with your network and leave a comment below. I would love to hear your feedback and try my best to field any questions. Thank you for reading!
If you want to learn more about data privacy and ransomware prevention, you can reach out to me through LinkedIn; feel free to send me an invite and start a chat. I'm always happy to talk about this stuff, especially if it helps someone out.