The number of threats to your private information and files changes every day. Sometimes the threat comes from a company you do business with being exposed, other times you turn out to be the threat by accidentally clicking on something you shouldn't have. Considering how many threats are out there at any time, it is amazing we don't suffer more.
This post discusses three areas you should be aware of that will help protect you from Ransomware and other threats.
3 Things to Help Protect you from Ransomware & Other Threats
When employees shifted to working from home, the levels of protection they unknowingly had was often missing. Most businesses employ a combination of firewalls to block inbound traffic from unknown sources, content filters to prevent inappropriate or harmful items from loading, SPAM filters to block infectious emails, and much more.
Using a device at home over a personal internet connection bypasses many of those systems, leaving that device more vulnerable. Luckily, there are still things you can do to protect yourself. The three main areas of consideration when trying to protect your devices from threats are:
- User Accounts
- And Ransomware
Many aspects of user accounts are targeted by threats. Creating different user ID's and passwords for your accounts reduces your risk if an account is ever exposed or hacked. Some specific areas of consideration include:
Passwords - In general, the longer the password, the longer it would take to crack that password when using software for that purpose. Inserting special characters, numbers, and alternating between font case, also increases the level of password security. Always stay away from names, numbers and dates of significant personal importance, as someone trying to hack you will most definitely guess these in hopes of gaining unauthorized access to your information.
Remember all the things you share on social media - anniversaries, birth dates of your children, your favorite vacation spot, your favorite sports team, your favorite holiday, etc. These are all easy guesses for someone trying to socially engineer access to your accounts.
If you struggle to remember the user IDs and passwords of your accounts, try using a secure password application like LastPass, RoboForm, or Keeper rather than using the "remember me" option in web browsers. If the device is ever accessed by an unauthorized user, they can access anything where the credentials have been saved by simply opening a web browser.
Email - An easy way to reduce exposure is by creating different email accounts for different tasks such as shopping, staying in touch with friends and family, social media accounts, or business communications. Use caution opening emails from unknown senders and be especially wary of clicking on links in emails or opening email attachments.
Attachments often hide or misrepresent their real file extension to trick users into opening something they otherwise would not and that might cause harm to their device. Additionally, hyperlinks can easily say they go one place but be programmed to go somewhere entirely different. If possible, hover over links to verify they are pointing to a place matching the content of the email. If the link seems suspect, go directly to the company's website or call them using a contact number from their website rather than clicking on links in unsolicited emails.
Last but equally important, NEVER re-use your email password. So many online user accounts are connected to your email. That email account can be used to reset passwords for other accounts, recover user IDs and passwords and much more if you get locked out. However, it can also be used by someone else who has hacked into your email which can cause all sorts of other problems and risks. This is another reason why multi-factor authentication is important and should be set to use text messages when possible.
It is important to install updates to operating systems, programs and applications in a timely manner. While many updates introduce new features, there are likely a handful of security updates and patches included also. These can be less obvious at times, and are typically covered under the heading "various security updates".
There are instances, like when the security vulnerability is exposed to the public, that companies are much more vocal about security issues. When this happens, companies typically focus on the release of a patch and getting it pushed out to users quickly. Either way, it is important to stay current on updates to reduce your risk. Known vulnerabilities are often targets and you want to avoid being a target!
Ransomware has been on the rise for several years and is particularly popular because victims who have failed to implement a backup system often end up paying the ransom to regain access to their data, whether personal or for a business. Ransomware works by infecting a device and encrypting all of the files on the local drive, any physically attached USB drives, and any mapped drives. Mapped drives are often used to connect to folders on other computers or servers.
The best recovery from a Ransomware infection is to isolate the infected device, reinstall the operating system and any programs, then restore all files from a backup. If at all possible, do NOT pay the ransom. If this attack stopped being profitable, it might eventually go away.
To lower your risk, keep in mind the following things:
- Have endpoint protection running on your device and make sure it is up-to-date.
- Be cautious opening emails, email attachments and links in emails as described above.
- Create secondary logins on any device being used by more than one person. The original account will always be an admin account which has higher permissions so it is important to create secondary accounts for other users, especially children.
- Keep backup copies of your files so even if you do fall victim to an attack, you can recover without paying a ransom.
The number and variety of security threats is not likely to drop anytime soon. This means everyone needs to do their best to stay informed about threats, and do what they can to protect themselves from threats in general. Creating different emails for different tasks, refraining from reusing passwords, updating software on devices, and making sure you have a current copy of your data at all times are just some of the ways you can reduce your risk.
As always, the time and effort put into prevention far outweighs the time it takes to recover and the loss of things you cannot replace.