In a ransomware attack, the malware encrypts your data and demands a ransom in order to restore your access to the locked files. This is big business. Here are the simple yet powerful points you have to remember and follow:
- Don’t open suspicious emails. Pretty much anything unexpected or out of the ordinary is a potential attack, even if it comes from a trusted source. If possible, contact known senders separately to confirm that the email is authentic before opening.
- Learn to spot red flags. Some telltale signs of an attack include:
  - Unexpected grammar or spelling errors in a supposedly professional email.
  - Odd, middle-of-the-night time of sending.
  - Typosquatting, in which the “From” domain looks legitimate at first glance, but is intentionally misspelled or has things added — “firstname.lastname@example.org,” for example.
  - Buttons and links in the email that connect to unexpected, suspicious URLs. To check this, hover the cursor over the link or button, and the URL will appear at the bottom left of your window. Train students and staff to do this reflexively.
- When in doubt, delete!
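
Several of the red flags above can also be checked mechanically in a mail-triage script. The following is an added example, not part of the original article; the trusted domain, the sample message, the 0.9 similarity threshold and the "before 05:00" cutoff are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed values: TRUSTED is an assumed allowlist, SAMPLE is not a real email.
TRUSTED = {"example-school.test"}
SAMPLE = """From: IT Helpdesk <helpdesk@examp1e-school.test>
Date: Tue, 05 Mar 2024 03:12:00 +0000
Content-Type: text/html

<p>Sign in at <a href="http://login.examp1e-school.test/reset">portal.example-school.test</a></p>
"""

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def lookalike(domain, threshold=0.9):  # near-miss of a trusted domain, not a match
    return domain not in TRUSTED and any(
        SequenceMatcher(None, domain, t).ratio() >= threshold for t in TRUSTED)

def red_flags(raw):
    msg, flags = message_from_string(raw), []
    if lookalike(parseaddr(msg["From"])[1].rpartition("@")[2].lower()):
        flags.append("lookalike-sender")
    if parsedate_to_datetime(msg["Date"]).hour < 5:  # sender's stated local time
        flags.append("odd-hour")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        shown = re.search(r"[\w-]+(?:\.[\w-]+)+", text.lower())
        host = (urlparse(href).hostname or "").lower()
        if shown and host != shown[0] and not host.endswith("." + shown[0]):
            flags.append("link-mismatch")  # visible domain is not the real target
    return flags
```

Calling `red_flags(SAMPLE)` reports all three flags for the constructed message. A link whose visible text names no domain (such as "Click here") is not flagged by this check, so hovering over the link remains necessary.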
The good news is that simple, proactive measures such as training users and building awareness around the gravity of cyber threats can greatly improve your organization’s security posture. By creating a culture of informed and alert users, you can thwart cyber attacks before they have the chance to exploit your data.