In today’s world, ransomware is becoming one of the most significant threats facing both personal computer users and businesses alike. Many industries are being targeted by hackers looking to hold data hostage for monetary gain.
Protecting yourself from a ransomware attack is crucial as attackers grow bolder in their targets and methods. Ransomware causes major problems when it successfully impacts our organization or an individual.
In addition to disrupting operations and disrupting your work, it may become a severe headache for customers as it exposes your organization’s data (or your personal data!) all over the dark web.
There are a few ways to guard against these attacks before they occur by taking a pragmatic and proactive approach to cyber security. Here are a few ways to protect yourself from ransomware attacks.
Beware Of Phishing Emails
Ransomware spreads through a few different channels, most often via social engineering, phishing, and spam.
In short, a phishing attempt is where someone tries to convince a user to click on a link, provide credentials/personal information, or download software via email. The email will often appear to be from a legitimate source like your bank or payment processor/provider.
Either that, or it will be from someone you supposedly know or may appear to come from a spoofed email address.
Either way, accessing a website or inputting credentials via these scam attempts opens makes you vulnerable to a malware attack—which could be anything from a virus or spyware to a dreaded ransomware payload.
Phishing is still quite a lucrative path for scammers to take because users still fall for it and get hooked every day. Most phishing attempts happen through email (at least 96%), but some may be perpetrated via a website, download, or even an SMS/text message on your phone.
To protect yourself against phishing, pay close attention to the sender and content of the email, don’t click on any suspicious links, and consider supplementing your protection with an antivirus program that offers real-time web and scam protection.
Make Backups Constantly
One of the most effective methods of protecting yourself from ransomware is to make backups of all your important files. The biggest problem with a ransomware attack is that sometimes fighting back against them is a lost cause.
Even if the attacker releases the decryption key, you may end up with some damaged or corrupted files.
Backups can help.
It’s best to use the 3-2-1 backup rule to optimize this process. Here’s a breakdown of what that means:
The “3” in this equation refers to maintaining three copies of the data over a few different time periods. That way, you cover all your bases and can recover files across various important timeframes.
The “2” indicates you should use two different kinds of media. This might be a USB and hard drive, a NAS and hard drive, DVDs and USB drives, and basically any permutation of two different backup media.
The “1” means you should keep a copy of the backup off-site. Whether it’s your business or personal computer, storing a backup off-site could mean the difference between restoring your files and being completely out of luck.
Alternately, you can supplement your backups using highly encrypted cloud storage with multi-factor authentication.
Use Powerful Security Software
Aside from taking some of the safety precautions on this list, you should prepare for the reality of being affected by a ransomware attack. It all starts with an awesome cybersecurity program.
A good maximum security program contains everything you need to stay safe online. Regular scans, fraud/scam protection, informing users about dangerous websites, real-time protection, and ransomware removal.
Ransomware protection should be included in your desired program, otherwise, it’s best to skip it. Supplemental to your security suite, you should also use a firewall to protect your network traffic.
Keep your software completely up to date (the security suite should be able to inform you if you’re not up-to-date), stay on top of the constantly changing world of ransomware information, and be sure to take advantage of the features on your cybersecurity program.
Use Strong Passwords
Passwords are the bane of existence for some users. Remembering long, complex passwords isn’t easy for most people.
Unfortunately, many users still insist on going as simple as possible when it comes to passwords. We’re talking about the likes of “12345” and “qwerty” here.
That’s not a good thing and it makes them very easy to crack. There are some best practices involved with passwords that you should follow:
- A powerful password should have 12 or more characters
- Passwords should include a mix of lowercase and uppercase letters, numbers, and symbols
- Never share your passwords or write them down
- Make them hard to guess
- Go as complex as possible
- Never use the same password for multiple accounts
Passphrases—combining multiple words into long, complex strings of 15 characters or more—are another useful trick for keeping things secure (the FBI even recommends going this route for added security).
For those of us who don’t want to memorize complex passwords, a password manager comes in handy.
With a password manager, you can generate and store secure passwords so it isn’t necessary to write them down or create easy-to-remember passwords that will give hackers a field day.
Finally, you may also want to use two-factor authentication (2FA) to add a third layer to your password security.
Don’t Use Unknown USB sticks
Taking a sensible approach to cyber security is always a good route. But you should also extend that common sense to using unknown removable media. Take the unassuming USB stick, for example.
While it has a great deal of utility and is ideal for storing your files and moving them around, bad things can happen if you just randomly plug an unknown device into your computer.
A USB device can contain malware that when inserted into your USB drive can just install itself right on your system. This might be a devastating virus, ransomware, or another type of malware. Files on these devices can be an attack vector for hackers, so it’s best not to take this chance.
