Ransomware: 6 Steps You Can Take to Protect Yourself

              Imagine waking up one morning to find your identity stolen or your bank account compromised. The anger, frustration, fear, and anxiety starts to set in becoming more and more overwhelming. Making rational decisions become hard to make as the situation overtakes your daily routine. You start asking yourself questions like who, why, how and what should I do next? As you begin to organize your thoughts you begin taking the necessary steps in order to isolate and contain the situation by canceling credit cards and contacting your financial institutions. Like many people, you find yourself engaged in a drawn out process that will impact your life for months or years to follow. Although we can't ever completely protect ourselves from such scenarios there are ways to mitigate them. For example, at the time this article was written there were hundreds of thousands of systems compromised worldwide, impacting industries ranging from health care to transportation. The culprit was a ransomware ominously named "Wanna Cry". What is ransomware and how can people better protect themselves against this threat? This article will provide some steps that people can take to help avoid such malicious attacks.

What is ransomware? Ransomware is a program, also called malware, that targets system data and encrypts them preventing the owner from gaining access to his/her own data. Many may ask why? The simple answer is for financial gain. The people behind this malware use it to hold data hostage for a price. A promise to release the data is made once payment is received, a promise from criminals, but one nonetheless and generally speaking, the promise is kept. You might now ask how can this occur? The simple answer is that the attackers take advantage of people's trusting nature and capitalize on an easy financial opportunity. As the Chief Information Officer for a leading online contact lens retailer, I have compiled a list of actions people can take that can help reduce the risk of becoming a target for these attacks.

Awareness.

Being informed and aware of potential threats is paramount in protecting yourself. Only through awareness can you properly prepare yourself. Try to remain current on new and existing threats through news outlets and credible authoritative security sites such as Symantec. For instance, within the "Security Center" section of Symantec's website they have a subsection called "Threats, Risks and Vulnerabilities" that lists the most current threats that have been identified.

Due Diligence.

An example that illustrates the importance of being diligent is when you are faced with Phishing attempts. Phishing is a technique used to deceive end users into providing personal information in which they can exploit at a later time. Many Phishing attempts use hyperlinks to malicious websites or attachments that can launch malicious code to compromise computers or gather information. There are multiple strategies used to get people to click on these links or open these files, however the most popular is through disreputable websites and/or email campaigns. By being diligent the end user can take preventative steps to avoid being exploited simply by being analytical and cautious of emails received from unfamiliar sources, as well as carefully vetting sites that they wish to visit. One method is to be suspicious of hyperlinks within emails or within questionable websites and therefore always err on the side of caution without allowing your sense of curiosity to overtake you. People can quickly verify if the hyperlinks are misleading; by hovering the mouse over the link itself you can quickly view the target address by looking in the bottom left hand corner of the browser. If the address is misrepresented by the link text or is an address you do not recognize than proceed with great caution. However, it is important to note that an unrecognizable site does not mean it is malicious. In these instances there is a website called TotalVirus.com that allows you validate a URL by entering it. The site than runs scans for any potential threats or malicious code. TotalVirus.com does not guarantee there will not be false positives but it does provide an additional way to identify potentially dangerous websites.

Antimalware and Antivirus tools.

Another measure that can be taken is to always have an installed and updated anti-malware/anti-virus software and configuring it to proactively run in real-time and having scheduled scans in place. There are many sites that offer these tools for free such as Microsoft with their Microsoft Security Essentials tool and/or Windows Defender. You can also purchase software from reputable sources such as Symantec and McAfee. Many of these vendors also provide free removal tools for end users to use if their system is ever compromised.

Updates.

Arguably the most critical step to take in protecting yourself from attacks is to make sure to always keep your systems current on their updates. Some of the easiest ways to compromise a system is by targeting known vulnerabilities of software vendors. Therefore, take advantage of Windows Automatic Updates and other patch management tools available to remain current on software updates.

Backups.

If your system ever becomes compromised sometimes the easiest way to resolve the situation is to run a restore from a backup that was completed before the compromised date. Backups are crucial in providing peace of mind in the instance a disaster strikes and can save you from being exploited by attacks such as ransomware.

User Permission.

One more measure that you can take is to create user accounts that do not have permission to install or uninstall programs. By setting these user access controls you can reduce the risk of a user installing a malicious program.

If people take the appropriate precautions they can greatly reduce the risk of becoming a victim. There are many people out there with pernicious intent and although we cannot protect ourselves from all the evil that lurks in the dark we can make it as difficult as possible.