In 2020, U.S.-based organizations saw 65,000 ransomware attacks.
Why You Need To Be On High Alert As Year-End Grows Closer.
Because of this unprecedented increase, you and your employees need to be on high alert, especially as year-end grows closer. Why? Scammers will be sending fake W-2/tax form requests to you and your employees.
Attackers can gain entry to your organization’s system(s) via:
- Phishing (fraudulent e-mails).
- Vishing (phone calls).
- SMSishing (texts).
How Can Your HR Department Help Avoid A Ransomware Attack?
An organization's best line of defense is its employees. Because of this, your HR team must design a ransomware training program for its employees.
6 Ransomware Training Tips.
- Personalize your training for each role, responsibilities, back-end technology, and what to do when working remotely.
- Make the training mandatory and timely, i.e., how to avoid fake W-2 or payroll request schemes.
- Provide training on fake e-mails from job applicants, Amazon orders, FedEx/UPS delivery, Verizon texts, and how to how to avoid phony gift cards.
- Give people an overview of your anti-virus/ransomware software.
- Advise people on how to quarantine an e-mail.
- Provide training on viewing personal e-mails via a company networked computer.
The FBI Recommends:
- Regularly back up data and verify the integrity of those backups.
- Secure your backups.
- Scrutinize links contained in e-mails and do not open attachments included in unsolicited e-mails.
- Only download software from websites you know and trust.
- Ensure application patches for the operating system, software, and firmware are up to date, including Adobe Flash, Java, Web browsers, etc.
- Ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.
- Disable macro scripts from files transmitted via e-mail.
- Implement software restrictions or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders.
Executive Summary: The weakest link in your organization’s cybersecurity process is human error; therefore, education is the only way to reduce that risk. Don’t forget to make this part of your Employee Handbook.