Real World Risk Management Practical HR Resources

Make Employees Part of Your Cybersecurity Solution

System security experts have seen a significant increase in ransomware attacks, particularly after many employers moved to establish a remote workplace as a result of the pandemic.

Not only is the number of attacks rising, but the sophistication of those attacks is also increasing. Many ransomware attacks not only encrypt all the files on an infected system, they also steal sensitive data, which results in a double payoff to the cybercriminal: ransom to unlock the system and payment from selling the stolen data.

Today's primary targets include financial services firms, IT, government, and manufacturing; however, no organization, no matter the size, is safe.

Five of the more threatening attacks facing businesses in 2020-2021 are:

Maze: A well-known ransomware that encrypts data, steals sensitive information, and publishes the victim's files on the internet. IT and health care entities have been recent targets.

REvil: This ransomware also encrypts the victim's data and is known to double the ransom if the initial request is not paid in time. A media and entertainment law office was a recent victim of REvil, which compromised the personal information of some well-known celebrities.

Ryuk: A major player among cyberattacks, this crypto-ransomware focuses on large businesses and government agencies. It uses other malware files to infect the system, as well as strong algorithms to encrypt files.

Tycoon: This unique ransomware uses the Java language and targets Windows and Linux. Although the number of victims is relatively low, it has recently become more aggressive. It exploits weak or compromised passwords and uses a variety of tactics to stay hidden.

NetWalker: Also known as Mailto, NetWalker is new to the ransomware scene and seems to attack remote networks. The malware infects a network primarily via phishing emails and executable files.

Pallavi Dutta, "Top 5 Ransomware Attacks to Watch Out for in 2020-2021," securityboulevard.com (Sep. 03, 2020).

Commentary

Whether it is a weak password, a careless click on a linked file, or reckless use of an unsecured WiFi connection, a user’s misstep can lead to malware infection and serious network problems.

Even so, employers should view employees not simply as a security problem, but also as part of the solution. An intentional cybersecurity education program can put your employees in a position to keep your network secure and help mitigate malware infection risk.

Make sure your employee training program includes ongoing updates and emphasizes individual responsibility. Focus on changing passwords often and making them long and strong.

Train on social engineering – the scams cybercriminals use online to convince people to open files or click on damaging links. Be sure to cover the topic of BEC (Business Email Compromise), or “CEO fraud.” In this scam, cybercriminals send a spoofed email using the name of a high-level executive in your organization, which purports to tell the employee recipient that the executive is “out of town,” in an unanticipated “bind with a client,” and needs “funds transferred immediately.” Train employees to never go outside the usual procedures for funds transfers without personally checking with the executive by phone or some other verifiable method other than email.
