The organisations vulnerable to ransomware and phishing attacks include those that imagine they are safe because of the service they provide. As a result, schools and hospitals are among the most susceptible to ransomware and phishing.
There are a few simple steps any organisation can take to avoid ransomware:
- Keep your operating systems up to date. If using Windows, don’t disable automatic Windows updates.
- Choose a security or anti-virus solution that protects against ransomware, and keep it up to date. Kaspersky Lab's products include System Watcher, a “behavioural proactive detection component”, and the company also offers a free Anti-Ransomware Tool for Business at https://go.kaspersky.com/Anti-ransomware-tool.html
- Keep a back-up of all key files and information, ideally in an online storage service like Google Drive or Microsoft OneDrive.
- Keep key files backed up offline, on storage that is not connected to a computer.
- Never click on any suspicious, dubious or strange-looking link or attachment received via email. Train staff to be alert for such emails.
- Introduce a company policy for how attachments are described in the covering email. Never allow emails to be sent out that say only “See attachment” or similar.
For large organisations with IT departments, the advice would be somewhat different, but the last two principles still apply.