Can you remember ever receiving any training about what to do if you think your device has become infected?…:
[…] In its survey, Kaspersky stressed that raising employee awareness of ransomware, as well as of cybersecurity practices in general, is one of the best ways to prevent a ransomware attack. In case of a breach, however, Kaspersky experts recommend that isolating the infected machine from network access be the first step. They also suggest the following:
- Never click on unverified links
- Only open attachments from trusted emails
- Only download information from trusted sites
- Only install trusted security software
In addition, the Cybersecurity and Infrastructure Security Agency (CISA) recommends reporting any incident to its team immediately. Although this honesty lowers customer and investor trust in the affected company, it helps to mitigate future attacks by the same strain of ransomware.
The Canadian Centre for Cyber Security (CCCS) also has a number of best practices to help insulate a business from ransomware. Unsurprisingly, security awareness training for employees is listed as the foremost method. Others include keeping operating systems up to date, disabling macros in Microsoft Office, and applying the rule of least privilege, in which an employee is granted only the basic resources needed to complete their function.
Once a system becomes compromised, the goal shifts from prevention to mitigation. The CCCS recommends immediately isolating the device by removing it from the network, then identifying the strain of ransomware and wiping all data to disinfect the machine. The breach should be reported to the Canadian Anti-Fraud Centre.
These basic practices have been repeated many times before, but as the world is staving off a deadly pandemic, digital best practices are more important than ever to help keep critical infrastructure operational. When uncertain, always consult with IT before proceeding.