Feed Icon

Working from home is on the rise, and hackers are using this as an opportunity to step up ransomware attacks on businesses of all sizes.

Ransomware is malware that is used to block a business’s access to critical data or services through encryption that locks files, and then the attackers demand a ransom payment for a decryption key to unlock the vital files. These intrusions can be financially devastating at a time when companies can least afford a big disruption or costly payout.

Cybercriminals know that many businesses are letting employees work remotely from home where oversight can be weaker, and that many businesses haven’t trained workers about the dangers of ransomware.

Experts say battling ransomware needs to be a team effort that starts with management and works its way throughout an organization.

It needs to start at the top, with management directing a strategy that includes a written plan for prevention, training and response. 

There needs to be a coordinated plan that defines responsibilities for prevention and education. Prevention generally falls to an in-house IT staff or to an outside business that offers IT services. Education should be designed so that everyone involved knows their roles and what they can do to prevent ransomware from paralyzing a business.

Involvement from the IT professionals includes setting up measures that include ensuring all software and systems are up to date, that email filters are set up that can prevent phishing attacks before employees see them, and that security measures such as a VPN and multifactor authentication are enabled so employees working remotely are securely accessing the business’s network. These measures should include protecting access from devices ranging from desktop computers, laptops and mobile devices such as smartphones.

Another major IT responsibility should also include making regular backups of all important data, from centralized files to information residing on employee devices as necessary. There should be multiple copies of this data, with at least one copy being maintained offsite.

Employees need to play a big role too, and they should be reminded of that regularly. Their responsibilities should include the use of strong passwords, strictly following company security policies and promptly reporting any issues that might put the business at risk.

These measures should include being trained to not open suspicious emails, click on questionable links, download unknown attachments or to install software without checking with IT. The danger of disregarding these guidelines is that malware could be installed on their devices, which in turn could affect the entire business. Some IT departments even send fake emails to staff as a test to see if they are following guidelines.

Experts recommend that all businesses and organizations take the threat of ransomware seriously, whether their employees are working in the office or from home, and that they follow all precautions to keep from becoming victims of these costly attacks.