Javvad Malik at KnowBe4 explains the steps to take to recover from a ransomware cyber-attack
Since the word “ransomware” entered the Oxford English Dictionary in 2018, the use of the cyber-attack tactic by cyber-criminals has grown, becoming a near-everyday occurrence in the business world. In fact, according to a Corvus Insurance Q3 2023 report, there was a 95% year-over-year increase on ransomware leak sites.
Naturally, vendors have jumped to the rescue to offer the technology, guidance and advice to companies under attack, but what about employees? Some may feel a little left out in the cold post-ransomware attack, with companies notifying them of the incident and informing them that their personal information could be at risk.
So, in the unfortunate event that a company does experience a ransomware attack, with a risk of personal details being sold on the dark web, what advice can business managers give to individual employees to protect themselves?
Urge employees to take immediate action
According to KnowBe4’s The Root Causes of Ransomware whitepaper (registration required), social engineering and unpatched software remain the top attack vectors exploited by ransomware groups to gain access to victim devices and networks.
In many cases, it will become apparent pretty quickly that the company has been hit by ransomware. Whether it is the inability to access systems or a company-wide memo regarding the incident, business managers will recognise signs that something is amiss. When this happens, workers should be urged to take the following immediate actions:
Stay calm and supportive: First and foremost, remember that ransomware attacks can be stressful for employees and the organisation as a whole. Staying calm, supporting colleagues and collaborating with the IT department ensures a coordinated response. The faster the response, the better the chances of minimising the impact of the attack.
Isolate personal devices and disconnect from the network: If using personal devices for work purposes, disconnect them from the company network immediately. This step helps prevent the ransomware from spreading to personal devices and compromising additional information.
Collaborate with IT for guidance: Work closely with the IT department to receive guidance on securing personal information. They may provide specific instructions or resources to help employees safeguard their data in the aftermath of a ransomware attack.
Follow company protocols: Adhere to company protocols and guidelines provided by the IT department for dealing with a ransomware attack. These protocols may include specific steps for reporting incidents, isolating devices or seeking assistance.
Intermediate actions
Once immediate actions are ticked off the list, users can move on to these further steps to help protect themselves.
Change passwords across platforms: Employees should change passwords for all accounts, both personal and work-related. Ensure that passwords are strong and unique, and consider implementing phishing-resistant multi-factor authentication (MFA) to add an extra layer of security. This can help prevent unauthorised access, even if login credentials are compromised.
Monitor personal accounts: Regularly monitor any personal financial accounts, email and social media for any unauthorised or suspicious activities. Be vigilant for signs of identity theft or unauthorised access and report any anomalies to the relevant service providers immediately.
Become educated on dark web risks: Employees may want to familiarise themselves with the risks associated with the dark web to understand the types of information that may be sold, such as usernames, passwords, and personal details. This awareness can help users take appropriate precautions and recognise potential threats. Users can also sign up for a breach detection service, or check that they are enrolled in any dark web monitoring services their security providers offer, so that they are alerted when their passwords have potentially been compromised.
Be wary of phishing attempts: Affected employees must also remain vigilant against phishing attempts, as attackers may try to exploit the situation further. Verify the legitimacy of emails, especially those related to the ransomware incident, and report any suspicious communications to the IT or security department.
Stay informed about security measures: Cyber-attacks, especially ransomware, can have long-reaching effects, so employees of impacted companies should keep informed about the security measures being implemented by the company to address the ransomware attack. Understanding the steps being taken can help users assess the level of risk and take appropriate actions to protect personal information.
Longer term actions
After the initial actions are taken to contain the ransomware and minimise its spread, management teams should turn their attention to further reducing the risk by outlining steps employees should take to ensure they don’t become the victim of cyber-criminals. The steps could include:
Enable credit monitoring: Employees should be urged to enrol in credit monitoring services, which may be offered by the company in the wake of a ransomware attack or data breach. These services can provide alerts for any unusual activities on their credit report, helping detect and address potential identity theft at an early stage.
Check email address: Users should be reminded to never sign up for personal services using their work email addresses and vice versa. Where possible, use a different account for high priority accounts like banking and try to separate work-related activities and personal communications. This segregation can help contain the impact if one email address is compromised, limiting the exposure of personal information.
Back up personal data: Once employees are back in action with clean devices, they should regularly back up personal data stored on company devices. If the worst happens and the device is affected by ransomware, having a recent backup ensures that people can recover their personal information without paying a further ransom.
Attend security awareness training: All business management and employees should participate in any cyber-security awareness training sessions provided by the company. These sessions can equip employees with the knowledge and skills to recognise and respond to potential threats swiftly and effectively. Remember to lead by example!
Practise defence in depth: Ensure any security updates are applied to devices and encourage employees to do so as well.
Cyber-security is no doubt a collective effort and therefore internal communications, particularly with the IT department, are crucial during incidents such as a ransomware attack.
By taking proactive steps and staying informed, business managers can encourage individual employees to contribute significantly to protecting their personal details from being sold on the dark web, helping to prevent identity fraud and even further ransomware or extortion attacks.
In these stressful events, taking a breath and ensuring these steps are undertaken can go a long way to mitigating further risks from a cyber-incident.
Javvad Malik is lead security awareness advocate at KnowBe4
© 2024, Lyonsdown Limited. Business Reporter® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543