[Ransomware is] the most immediate danger to UK businesses
The Chief Executive of the UK's National Cyber Security Centre is warning all types of organisations, from FTSE 100 companies to schools and other smaller organisations, that they could be at risk of cyber attacks through the use of ransomware.
What is ransomware?
Ransomware is a type of malicious software that cyber criminals can deploy on an unsuspecting person’s computer network to encrypt their files.
If the cyber criminal successfully manages to do this, they usually extort the victim into paying large fees to decrypt their files and make them accessible again.
To avoid being traced, cyber criminals often opt for Bitcoin as their preferred choice of payment as it is much harder to track than traditional means of payment like bank transfer. The amount of money they ask for is dependent on the scale of the attack, but some of these attacks have cost organisations millions of pounds.
The extortion model used for this criminal activity has evolved in recent times, with cyber criminals threatening to release stolen files online, in case the victims are able to recover their files from backups, or even if they refuse to pay.
How to best prevent cyber attacks
Ransomware is prevalent in the digital world, and with most organisations utilising online tools for one reason or another, cyber criminals will continue to pursue this method of extortion so long as organisations continue to be vulnerable.
We expect ransomware will continue to be an attractive route for criminals as long as organisations remain vulnerable and continue to pay
It is important that organisations remain vigilant and ensure that all staff are aware of the ways in which cyber criminals may attempt to hold them to ransom.
With that said, we have put together a few tips to help your organisation better protect itself from cyber attacks…
Remind your staff of your cyber security policy
It is a well known fact that human error is often the weak link in an organisation’s cyber security strategy. Therefore, organisations must periodically remind their staff of what is expected of them when using digital tools.
It is best practice for these policies to be reviewed and updated every six months to ensure that the policies are still effective and up-to-date, and this should be shared with employees each time.
This document should also be shared with new starters as part of their induction to ensure that they understand their responsibilities from the get-go.
Ensure you have cyber security measures in place
Fortunately, whilst the methods of implementing ransomware on a victim's computer have become more advanced, so have the technologies used to defend against ransomware.
As part of an organisation’s cyber security strategy, they should be continually reviewing their cyber security procedures to ensure they are using the most effective and appropriate measures.
Organisations need to consider implementing safety protocols like VPNs and firewalls, and also how they go about updating softwares, backing up data, and protecting passwords.
Train your staff
As previously mentioned, human error can be the weak link in an organisation’s cyber security strategy. With that being said, it is crucial that organisations not only remind staff of what is expected of them when it comes to cyber security, but also offer them the information they need to be vigilant of cyber threats.
Our Online Cyber Security Awareness Training course provides an overview of the types of cyber security threats that can leave a business vulnerable.
By educating all staff members, it helps provide the knowledge and awareness required to minimise the risk of a cyber attack. It also includes practical advice for keeping information safe as well as what to do if a breach may have occurred, to reduce its impact.
You can claim a free, no-obligation trial to the course today!