RABco Blogs and Resources

How Your HR Department Can Help Reduce The Risk Of Ransomeware Attacks

Posted by GlennF on Oct 27, 2021 10:15:39 AM
In 2020, U.S.-based organizations saw 65,000 ransomware attacks.
 
Why You Need To Be On High Alert As Year-End Grows Closer.
 
Because of this unprecedented increase, you and your employees need to be on high alert, especially as year-end grows closer. Why? Scammers will be sending fake W-2/tax form requests to you and your employees. 
 
 
Attackers can gain entry to your organization’s system(s) via:
 
  • Phishing (fraudulent e-mails).
  • Vishing (phone calls).
  • SMSishing (texts).
 
 
How Can Your HR Department Help Avoid A Ransomware Attack? 
 
An organization's best line of defense is its employees. Because of this, your HR team must design a ransomware training program for its employees.
 
6 Ransomware Training Tips.
 
  1. Personalize your training for each role, responsibilities, back-end technology, and what to do when working remotely.
  2. Make the training mandatory and timely, i.e., how to avoid fake W-2 or payroll request schemes.
  3. Provide training on fake e-mails from job applicants, Amazon orders, FedEx/UPS delivery, Verizon texts, and how to how to avoid phony gift cards.
  4. Give people an overview of your anti-virus/ransomware software.
  5. Advise people on how to quarantine an e-mail.
  6. Provide training on viewing personal e-mails via a company networked computer. 
 
The FBI Recommends:
 
  • Regularly back up data and verify the integrity of those backups.
  • Secure your backups.
  • Scrutinize links contained in e-mails and do not open attachments included in unsolicited e-mails.
  • Only download software from websites you know and trust.
  • Ensure application patches for the operating system, software, and firmware are up to date, including Adobe Flash, Java, Web browsers, etc.
  • Ensure anti-virus and anti-malware solutions are set to automatically update and regular scans are conducted.
  • Disable macro scripts from files transmitted via e-mail.
  • Implement software restrictions or other controls to prevent the execution of programs in common ransomware locations, such as temporary folders.
 
Executive Summary: The weakest link in your organization’s cybersecurity process is human error; therefore, education is the only way to reduce that risk. Don’t forget to make this part of your Employee Handbook.

Topics: Human Resources, Technology and Privacy, cybersecurity