According to McAfee, an industry-leading computer security company, ransomware is a type of “malware that employs encryption to hold a victim’s information at ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access.”
These attacks are occurring at an alarming rate. According to Recorded Future, a Boston-based security firm, there were 65,000 attacks last year in the United States alone. That’s more than seven per hour!
Ransomware attacks aren’t just happening to individual users on their personal devices. Data thieves are turning their eyes towards entire organizations with economically devastating effects. In 2021, the average remediation cost, which includes business downtime, lost orders, operational costs, and ransom payments was, $1.85 million.
Because human resource (HR) professionals handle highly sensitive data (e.g., social security numbers, dates of birth, bank details, home addresses, etc.), they are a lucrative target for ransomware hackers. As a result, HR must become familiar with the best practices for protecting themselves and their organizations against ransomware attacks.
While there is no way to immunize every device in an organization from ransomware attacks, there are several steps that HR professionals and the organizations that support them can take to decrease the chances of an attack and limit the damage if one occurs.
Preventing Ransomware Attacks
When it comes to ransomware, prevention is far better than remediation. Below are strategies that HR can follow to ward off an attack before it captures and locks down their data.
- Implement a ransomware education program: According to a recent study from Stanford University, 85% of data breach incidents are caused by employees’ mistakes. As a result, companies should begin by implementing a ransomware education program to teach employees about the common errors that allow data thieves to steal an organization’s digitally stored information.
Because many prevention techniques vary from one job to the next, employers should ensure that their education program includes information tailored to each employee's role. Otherwise, workers may feel overwhelmed by the mountain of techniques used to protect every employee on every application. Make sure the guidance is tailored and to the point.
Employers can also increase engagement by making their ransomware education programs fun. For instance, Phil Alexander, Information Security Officer and Director of Information Security at UMC Health System, makes his cybersecurity training fun by running a phishing email scam competition. Each year, employees who successfully avoid clicking on fake phishing emails (one of the primary routes through which ransomware attacks occur) get rewarded with company swag. Since the competition began, phishing success has been down by 70%.
- Get a virtual private network (VPN): Any internet-connected device is vulnerable to ransomware attacks. As a result, even the most informed and cautious employees may still be susceptible. As long as employees are using public networks that lack certain security measures designed to make the process of infiltrating a device more complex and labor-intensive, attacks will remain a possibility. As employees continue to work remotely, often in cafes, coffee shops, and libraries, the organizational risks of public networks are more pressing than ever.
VPNs are one of the more commonly used solutions for protecting data traveling through an unprotected network. VPNs take the data thieves’ tactic of encrypting data and use it against them. Specifically, they encrypt a user’s data (while giving them the key to unlock it) before a hacker can encrypt the data for themselves.
Recovering From Ransomware Attacks
Even the best preventions strategies are not foolproof. Accidents happen, and hackers are constantly working to create new ways of accessing organizational data. As a result, HR must develop an incident response plan that includes but is not limited to the following steps:
- Isolate the infected device: As soon as a device is suspected of having fallen victim to a ransomware attack, it must be immediately shut down and disconnected from all networks. This will help to stop or slow down the spread. Once the spread starts, it becomes increasingly difficult to stop.
- Alert the authorities: There are several reasons for notifying the authorities of a ransomware attack. First, in some countries, organizations are legally required to inform the appropriate agencies of an attack. For instance, in the United Kingdom, companies that fail to notify the Information Commissioner’s Offices within 72 hours of a data breach may be forced to pay hefty fines. To add to that, according to the United States Federal Bureau of Investigations, "Law enforcement may be able to use legal authorities and tools that are unavailable to most organizations." Having access to these tools and resources may expedite the recovery process.