With the rise in global Ransomware attacks on business, it’s important to stay informed on what actions are responsible for these viruses and how to avoid them. Although viruses of these types are no new news to anyone, since May 2017, Ransomware attacks have been worse than ever. Hackers have found and leaked various ways to exploit Microsoft operation systems in order to enter, retrieve, lock and encrypt all files in a company’s network, leaving companies with no option but to pay their attackers in untraceable Bitcoins for the retrieval of their encrypted files and servers. The FBI has reported that there are only a few ways to retrieve your encrypted files: 1) Return to a previous backup system, 2) contact security agencies for help, or 3) pay your attackers, however the chances of getting back your encrypted systems, even through these methods, remains low.
While the chances of an already attacked business unlocking its servers is unlikely, knowledge is power and understanding the various ways that these hackers can work their way into your system can keep you out of harm’s way. While many attacks are initiated through email bait, the public’s awareness of the danger of clicking links in foreign emails has taught hackers to come up with clever and unconventional ways to get into your systems. Make sure to understand the various ways your business’s system can get infected and take actions to avoid infecting your networks:
- Charging your phone at work. You heard that right. When you connect to Wi-Fi networks at friend’s houses, coffee shops, public cities, and various other locations outside your business, you are actively storing cookies on your phone. If hackers placed anything on those networks and you then charge your phone by plugging it in to your work desktop, all those cookies can be released onto your work system and cause for a business-wide system encryption (which is not worth the headache of missing a couple texts.) Here’s what you can do to prevent this: 1) Make sure that you delete all website cookies on your phone’s browser before connecting to any systems at your work via Wi-Fi or USB cords. 2) Charge your phone by plugging it into the wall; never plug it into your desktop.
- Hidden devices on your computers. Whether or not you’ve seen any suspicious activity at your office, you should make sure to check all computer ports on every desktop at your work to look for any foreign devices. These may be ethernet cables plugged into the wall on unattended computers, or even small USB devices (such as a USB devices masked as Bluetooth mouse connectors) plugged into the back of your desktop. These can easily be placed by hackers working in, say, your building’s cleaning service. When left alone, these devices will monitor, livestream, and save all of your network activity to hackers’ systems as long as they remain plugged in. Here’s what you can do to prevent this: Inform your employees of these system exploits and tell them to regularly check their desks for unknown USB devices, cords, or SD cards plugged into ports at their work stations. Be especially wary of unattended computers at previous employees’ desks.
- Former employees with password access. Whether or not you trust your old employees to not hide their old work passwords, if their personal computers or home systems are hacked while your company’s passwords are stored on it, your business may be at great risk. Here’s what you can do to prevent this: Make sure to reset any passwords your employees have access to when anyone moves on from your company. This can keep you and your system out of harm’s way.
- If your employees’ personal email is compromised, hackers can often reset passwords for work-related servers connected to their work emails. To put it in layman’s terms, when you create any account with your work email, you are often required to set up a backup email in case you forget your password. Links can be then sent to the backup email for you to change your username and password. Businesses need to be careful about allowing their employees to use their own personal emails as backup email addresses, since a simple compromise of their personal email addresses may result in a massive breach of work-related network materials. What you can do to prevent this: Never use your personal email as a back-up for work-related networks. Always use your boss, or a trusted coworker’s work email as a backup email.