Educate your users – Don’t let them be tricked into downloading ransomware/malware
Everyone should follow this advice for end-user ransomware training:
- Be very cautious when opening an attachment or clicking a link in an email, instant message, or post on social networks (like Facebook)—even if you know the sender. If you are suspicious, call to ask the sender if they sent it. If not, delete it.
- The attack can look like it is from an official source such as a bank, UPS, FedEx, USPS, eFax, etc. This has been the most common attack method to date.
- If an e-mail gets blocked and quarantined by your spam filter, be very certain about the message and any attachments before you release it from quarantine. One user recently got burned this way.
- Avoid clicking Agree, OK, or I accept in banner ads in unexpected pop-up windows with warnings or offers to remove spyware or viruses, or on websites that may not seem legitimate. These are usually bogus. Call your IT specialist if you are concerned.
- Only download software from websites you trust. Be cautious of “free” offers of music, games, videos, and the like. They are notorious for including malware in the download. At your employer, you should not download anything unless you are specifically authorized to do so.
- If you have automatic updates to the cloud, consider turning this off so you don’t replicate the ransomware encryption to your cloud.
- Remember, you must usually click on something to make something happen. Be careful where and when you click.
- The moment you even suspect something is wrong, contact IT support immediately. Recently, a user went home when his system did not work right, and that allowed the ransomware to spread.