Why Employee Training is the First Line of Defense Against Ransomware

September 7, 2018 / mcacao

We are in a battle with cyber crime. New strains of viruses are constantly being developed. Attacks are happening on a daily basis. As the US Department of Justice reported, “On average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016.” In a study by Osterman Research, commissioned by KnowBe4, it appeared that 30 percent of organizations had an endpoint device encrypted because of a successful ransomware attack. What happens after a successful attack? The FBI warns the public that the “financial impact to victims goes beyond the ransom fee itself, which is typically between $200 and $10,000. Many victims incur additional costs associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and/or the purchase of credit monitoring services for employees or customers.” We are truly not safe until we strengthen our defenses.

The US Department of Justice recognizes proactive prevention as the best defense system. At the top of its list is the implementation of an awareness and training program. It’s hard to fight a battle without knowing the kind of attacks that are coming. Hence, as soldiers, we must be aware of ransomware attacks. With frequent training, we stand a better chance of staving off malicious attacks. Modern Healthcare explains, “It takes perseverance and the understanding that guarding against all kinds of malware, including ransomware, is more than a one-time class—it’s an entire mindset necessary not only for protecting the organization’s reputation….,” but shielding the customers and shareholders of the organization as well.

We play a major role in strengthening the defense system because we are also the weakest link in this battle. Cyber criminals put a huge amount of effort into making the delivery of ransomware ever more sophisticated, and as a result, untrained individuals become highly susceptible to fraud. On the bright side, we can also be the first and best line of defense if we are equipped with knowledge on how to prevent, and even handle, a cyber attack.

Aside from an introductory lesson on how ransomware works, it’s also important to hold practical lessons or mock exams for employees. Nexthink shares, “One approach that many organizations have found helpful is to send out their own phishing emails. These emails look similar to real phishing attacks and include links that claim to be the sort of content that is used to distribute ransomware. You can then see which of your staff members click the links and use this as an opportunity to educate those people.”

If you want in-depth, quality training, you may subscribe to a training program provided by tech specialists like KnowBe4. Their program aims to make trainees “understand the mechanisms of spam, phishing, spear-phishing, malware and social engineering, and are able to apply this knowledge in their day-to-day job.” They also offer “web-based interactive training combined with common traps, live demonstration videos, short comprehension tests and scenario-based Danger Zone exercises.”

If we want to stand strong in this battle, our only option is to keep our defenses strong. We can’t let cyber criminals prevail all the time. We have to make our best effort to protect our networks.
