banner
article3photo
byline
in this issue
article1
article2
article3

Here are a few tips to protect against a ransomware attack. Keep in mind this list only scratches the surface:

Always back up data. Backups should be protected and — if possible — segregated from the network. Data backup files should be encrypted to add an additional layer of protection. Backup files allow for restoring files if a computer infection occurs. Periodically, test backups by restoring critical systems to ensure the backups will work if needed. 

When a person has backups, the cybercriminal loses some leverage. Backup files allow victims to restore their files once the malware has been removed. 

Stay updated. Operating systems, programs and security software must be updated with the latest versions and security patches. Enable automatic patches and updates to ensure they are promptly installed. 

Use a trusted security software that offers more than just antivirus features. Some security software can help detect and protect against threats to an individual's identity and their devices, including your mobile phones. 

Be cautious with email attachments or links. Email phishing, which contains a link or has an attachment, may contain malware. Only open email messages, attachments or click on links from a trusted source. Emails from an unknown or unfamiliar source should be deleted. 

Surfing the world wide web. Be sure to use a secure internet connection. If the connection is not secure, such as public WiFi, use a virtual private network (VPN) to protect your connection and information. 

Always use caution when surfing the internet. Pop-up ads or websites may contain malware. Just as with emails, only visit websites or open pop-ups from a known, trusted source. 

Use Multi-Factor Authentication (MFA). MFA requires a user to present two forms of credentials when logging in to an account or secure network. The credentials are typically something the user knows, such as their password, and something they have, such as a token or code texted to their cell phone. 

This type of authentication enhances security because the user has to prove they are who they say they are. Since the process requires two types of credentials it helps to prevent hackers from gaining access to a network or blocks them from escalating privileges. 

Employee Training. Cybersecurity awareness and anti-phishing training should be implemented for all employees. Employees should be taught how to identify, avoid and report phishing attempts. 

Periodic phishing exercises should be run to determine whether employees realize the risks associated with email attachments and embedded links in fake emails. Information Technology should monitor emails in order to set up filters to block spam and emails that contain malicious attachments or links from reaching employees. 

Password Management. Organizations should ensure users establish strong, unique passwords — with a mix of letters, numbers and symbols. Passwords should be changed regularly and not be reused. 

Removable media. Use of removable media or external storage devices, such as USB sticks, should be carefully considered and possibly restricted as users may unknowingly install malware if the source of the removable device is unknown to them. 

Implement an incident response plan. All organizations must put an incident response plan in place. Test and review the plan, at least annually. Ensure senior leadership is involved and aware of the plan so it can be leveraged during an actual incident. 

With new ransomware variants appearing, it is imperative to take all measures to minimize exposure. Knowing what ransomware is, understanding how it works and taking precautions can help protect computer data and personal information from becoming a ransomware target. 

Remember, this list only scratches the surface. Proactive prevention through effective cyber training and security controls is often the best defense. Anyone who is in charge of cybersecurity or who wants to put a policy or procedure in place should be sure to consult with a cyber expert or the various government sources for more details.

Article provided by contributing author:
Diana Hoffman, Corporate Escrow Administrator
Fidelity National Title Group
National Escrow Administration

 
  SHARE    
 
 
 
footer_line
 
stop fraud! share
 
footer_line
 
 
FNF Home