What is Security Awareness?
By definition aware means, “well informed about a particular situation or development“. Would you or your employees know what to do in the event of a ransomware attack? Take your time and answer these questions correctly, being able to answer them is crucial.
If you can truly answer yes, then congratulations, continue doing what you are doing. If you can’t answer with 100% certainty, then keep reading.
Since you aren’t 100% sure how you or your employees would react if faced with a ransomware attack, let’s take a moment to walk through an actual attack. Put yourself in the situation, and write down how you would react. At the end we will outline the actual steps you should take and you can grade your results.
Most ransomware attacks begin as an email. The email will appear to come from someone within your organization, this could be your boss or another co-worker. They will often have their signature, and a valid return address. An attachment of email link will accompany the email.
The most common method is a request to pay an invoice, perhaps one that is past due. Another tactic is to ask for some form of payment to be made. The request will almost always urge the person to circumvent the standard procedures.
Your employees need to know what to look for, so that they can quickly and easily and identify these types of phishing attempts, so they avoid them.
If your employee didn’t identify the email as suspicious and actually opened the link, or the attachment, all hope may not be lost. It is still possible that it is too late, but there are times when an additional step is required.
One of the most effective means to prevent losing money from this type of attack, is to train and enforce your standard operating procedures. Consider them a safety net in the event of a ransomware attack. Since an attacker will often look for ways to manipulate their target, ensuring your employees do not violate protocol will stop most cyber attacks, that require human interaction.
Don’t overlook the effectiveness of your own internal policies.
Let’s pretend for a moment that one of your employees just opened a malicious file. The file quickly encrypted all of the files on their local machine, and began tearing through all of the files and folders on your network, leaving you unable to access any spreadsheets, or even your ERP system.
What would you do?
Could you process orders, or issue invoices?
Would you have to send your employees home?
Do you have an incident response team that knows clearly what steps must be followed to ensure you are back up and running?
If you are not able to answer these questions with a resounding yes, then you need to put the steps into motion to start checking them off.
A great place to start is with a Cyber threat assessment. You can sign up for a free one here.
How to avoid falling victim to a ransomware attack.
Now that you’ve had some time to reflect on your actions, let’s look at how to successfully avoid falling prey to a ransomware attack. Not all ransomware attacks are the same, but some of the same principles can be applied.
In step one we receive an email. With all emails a quick analysis must be performed. Here is the analysis we perform with every email that makes to our inbox.
The subject and body are scanned. Then a simple yes or no question must be answered. Does this email require me to perform an action? Yes or no.
If yes, then we look at the action. If no, then the email is either deleted or archived.
For our purpose we will assume we have an email that requires us to take action. Since we need to act on the email, we will then ask another question to determine when the action must be taken.
Does the action need to be completed now, or later?
If the answer is later, then a reminder or task can be created to make sure the action isn’t overlooked.
If the answer is now, then steps are taken to complete the necessary work.
Let’s proceed with an action that can’t wait until later in the day.
The request we received is to pay an invoice via electronic transfer. Looking at the email further reveals that we have both an attachment that is a pdf, and an email link that appears to be to a website where we can quickly pay the invoice.
The request is coming from the CEO of the company, and there is certainly urgency in the tone of the email.
Several things stand out right away and are screaming that they are wrong and against company policy. However, the email came from the CEO of the company, and there is no denying the urgency this email is communicating.
At this point a decision must be made by the employee. Most employees instinctively want to do a good job, and want to be recognized for their work. Very few employees will resist a direct request from a superior, especially the CEO or President of the company.
Hackers know this, so they are counting on you or your employees to be subordinate. The more time you or your employee takes at this step the more likely you are to comply.
At this point since there are some red flags, it is best to take an alternative action. Employees feel that they are only two choices comply, or fail to comply. The third choice is to ask for more information.
Asking for more information won’t be seen as be disobedient. If the request is legitimate then others in the company should know about it. Since the request is paying an invoice to a vendor, others should know if the vendor is an authorized vendor. There should be a project or purchase order number that corresponds, and matches the internal purchase order formula.
You can also ask your IT department to verify the legitimacy of the email. You are not pawning work off on them, you are simply taking a step to gather more information.
This will be difficult for many people due to their emotional response. Hackers rely on emotional responses, and know that most people will fail to take the simple step of asking for more information.
The simple request to seek more detail is critical with this type of attack.
When in doubt, ask for more information.
If you have doubts about whether or not your network is secure schedule your no cost cyber threat assessment. October is Cyber Security Awareness Month. We want to help raise security awareness by providing you with a cyber threat assessment.