Today, everyone knows some business that’s been hit by a ransomware attack. And ransomware is still increasing. As a matter of fact, ransomware attacks were up 105% in Q1 2019. And the businesses that were the most targeted are in California and New York.
According to Beazley Breach Response Services, ransomware is up 105% since last year. Adding insult to injury, the ransom amounts are increasing as well: they are 93% higher. This makes ransomware even more appealing to hackers because they can get a high return on their investment.
California Businesses Are Being Targeted More Than Others
Both California and New York are famous for something that they don’t want to be known for: Cybercrime.
Cybersecurity firm Risk Based Security (RBS) reported that an astonishing 90% of all cybercriminal activity occurs within California and New York. With the statistics noted above, this means that half a billion records in California and New York have been breached since January 2019.
“For three years in a row more than one billion records have been exposed in the first quarter of the year, whereas between 2009 and 2016, the number of records exposed in the first quarter generally fell in the 100,000,000 – 200,000,000 range, with only 2016 and 2014 exceeding 200 million,” RBS wrote.
RBS went on to say that cybercriminals focused their efforts on businesses in high-profit industries like software, finance, insurance, and health care. These accounted for at least 14% of data breaches.
Should You Be Worried About Ransomware?
The simple answer? Yes. Ransomware occurs through phishing emails. Links in these emails provide a way for hackers to easily capture the credentials that they need to steal your confidential business information.
One phishing email or banking scam can bring down your entire business. And now criminals are using banking Trojans to obtain your account credentials. Again, for them, this is a high payoff that can provide multiple returns for just one ransomware attack.
What Can You Do To Prevent Ransomware Attacks?
Management must provide the tools your employees need to recognize and prevent ransomware attacks; otherwise, everyone’s job is in jeopardy. Security Awareness Training is now essential to the growth, if not survival, of your business.
You can’t ignore the risks ransomware poses. It’s a companywide risk that your leadership must acknowledge, and leadership must ensure that everyone knows how to avoid it.
Educate Your Employees
Your staff must know that it isn’t just high-level executives who are being targeted for a data breach. Their level of access or knowledge can also be a gateway for hackers. Everyone in your company is a target.
Increasing rates of cybercrime have mandated that management’s job descriptions evolve to include not only deploying a robust security program but also taking on the responsibility to be informed and educated. You must offer the tools, and employees must use them; otherwise, everyone’s job is in jeopardy.
Ask Your IT Services Company To Provide Cybersecurity Awareness Training
What is Cybersecurity Awareness Training? It’s an education process that will teach your employees about ransomware, cybersecurity, IT best practices, and even regulatory compliance. And, it’s the best way to arm your employees to be your first line of cyber defense.
A comprehensive cybersecurity awareness program will train your employees about a variety of IT security and other business-related topics.
These may include how to:
- Avoid phishing and other types of social engineering cyberattacks;
- Spot potential malware behaviors;
- Report possible security threats;
- Follow company IT policies and best practices; and
- Adhere to any data privacy and compliance requirements like HIPAA, PCI DSS and GDPR.
What Takes Place During Cybersecurity Training?
- It starts with a Baseline Awareness Training for your staff. This annual, one-hour training includes facts as well as case studies with examples like the one we just mentioned.
- Then your employees will receive weekly, one-minute trainings to show them what’s currently happening with cybersecurity to keep them up-to-date on the latest threats. This is presented to them via email.
- Your employees will also be sent simulated phishing attempts. These are emails pretending to be from a person or a company they trust, requesting them to click on a link. There will be recognizable errors like the wrong sender email, the image from a multi-billion-dollar company in a low resolution, etc. This will give you a baseline score for each of your employees.
- The employees who are on the lower end of your scoring will be provided additional training. There’s custom training for each score level.
- You’ll receive a written security policy for your organization about what your employees should be trained on.
- Your employee risk will be measured, and a report provided to management, so you know the positives and negatives regarding the status of your team’s ability to prevent IT exploits.
Your Employees Need Regular Training
With regular training that includes phishing simulations, courses on IT security best practices, data protection, and compliance training, you can:
- Significantly reduce your company’s risk,
- Decrease infections and related help desk costs,
- Protect your reputation with fewer breaches, and
- Secure your overall cybersecurity investment.
People need to be reminded often about cyber threats. Plus, there are always new threats coming along. It’s essential to keep not only your cybersecurity solutions up to date but your employees too.
Your staff can have a significant effect on your cybersecurity; either they know enough to keep your assets secure or they don’t, and thus present a serious threat to your security.
Your staff can be your greatest asset or your weakest link. It depends on whether you take data security seriously enough to make sure that they are trained several times a year.
Facilitate a team environment where everyone takes charge in the war against ransomware. Create and cultivate this environment with ongoing training and drills.
You still need a layered, up-to-date IT security plan and implementation, but the human factor is the biggest risk factor when it comes to ransomware.
In the meantime, don’t take chances with the security of your data. To stay up to date on ransomware and other cyber threats, visit our Business IT News.