Ransomware is a type of malware (malicious software) and cybercrime that uses encryption to block user access to data on computer networks, mobile devices and servers until the victim pays a ransom. In most cases, this malicious software is installed with the “help” of the end user, and the Internet Crime Report 2021 revealed that most of the incidents reported were phishing, vishing, smishing or pharming attacks.
You may have the most sophisticated security system and rely on the latest protection technologies, but that will not matter if you are not aware that you must avoid putting your information at risk.
No system is truly 100% secure, which is why the main issue to address is the end user, who is involved in many security failures. In fact, Verizon's Data Breach Investigations Report shows that, in 2021, 85% of data breaches involved a human element, including errors or misuse. Training and education are therefore key to preventing a potential attack that can affect you directly or others.
Keeping informed about ransomware prevention best practices, new trends that emerge in cyberspace, and which actions you should be suspicious of can make all the difference in preventing an attack.
Don’t be the weakest link! Follow these simple rules to protect yourself and your colleagues against ransomware:
- Don’t trust a suspect e-mail that you have received.
- Don’t click links or download suspicious e-mail attachments.
- Don’t download attachments from your personal mailbox (e.g. Gmail) to work devices (laptops, tablets, smartphones).
- Carefully review e-mails before taking any action. Were you waiting for that e-mail? Were you already discussing this matter with your contact? Ask the sender if they actually sent it.
- Carefully review URLs and file extensions before opening them.
- Take a preventive attitude: assess your organisation’s state of maturity and resilience in the face of a potential attack.
This is a huge challenge! Cybercriminals are increasingly bold and creative, and technology and effective processes alone are not enough to address the risks, so it is important that users are aware of threats, whether in a professional or personal context. A continuous commitment to training and to monitoring current cyberthreats is largely a matter of citizenship and of defending the interests of us all.
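The rule above about reviewing URLs and file extensions can also be applied mechanically, for example in a mail-triage script. The following is an added example, not part of the original article; the extension sets and the `expected_domain` parameter are assumptions chosen for illustration, and the sample names and addresses are constructed.

```python
import ipaddress
import unicodedata
from urllib.parse import urlsplit

# Assumed (not from the article): extensions that run code when opened on Windows.
RISKY_EXT = {"exe", "scr", "js", "vbs", "bat", "cmd", "lnk", "hta", "iso", "jar"}
# Assumed: harmless-looking extensions often placed before the real one as a decoy.
DECOY_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def review_filename(name: str) -> list:
    """Return the reasons an attachment name deserves a second look."""
    reasons = []
    # Unicode format characters (category Cf) can visually reorder or hide text.
    if any(unicodedata.category(c) == "Cf" for c in name):
        reasons.append("hidden formatting character")
    parts = name.lower().rstrip(". ").split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in RISKY_EXT:
        reasons.append(f"executable extension .{ext}")
        if len(parts) > 2 and parts[-2].strip() in DECOY_EXT:
            reasons.append("double extension")
    return reasons


def review_url(url: str, expected_domain: str) -> list:
    """Return the reasons a link does not clearly lead to expected_domain."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        reasons.append("text before '@' hides the real host")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a name")
    except ValueError:
        pass  # host is a name, not an IP literal
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode (look-alike) label")
    if host != expected_domain and not host.endswith("." + expected_domain):
        reasons.append(f"host {host!r} is not under {expected_domain}")
    return reasons


if __name__ == "__main__":
    # Constructed samples (documentation-reserved domain and address).
    print(review_filename("invoice.pdf.exe"))
    print(review_url("https://example.com@198.51.100.7/login", "example.com"))
```

An empty list means none of these checks fired, not that the file or link is safe; confirming with the sender still applies.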