Recently the world has faced a widespread ransomware attack with the virus “WannaCry”.
Thousands of computers all over the world have been breached and their data was kidnapped. Most significantly, many big organizations and some government agencies were breached and crippled by the attack and still struggling with the infection.
Ransomware is malicious code that attacks our computers with a monetary motive: the malware acts by kidnapping out data and locking the startup screen, and the victim is usually notified with specific instructions for recover the control of the computer and data. The spreading of this kind of attacks can be through e-mail attachments, software apps, infected devices, compromised websites, text messaging, and more.
So, how should we face this kind of attack? What to do in cases like the actual “WannaCry” attack?
It is obvious that the technical support guys must collaborate with the anti-virus software, the operating system updates, and so many other technology elements, but the human factor is very important to avoid or stop this kind of attacks.
One of the most important elements in a crisis moment is communication. We must develop a communication strategy to inform all the users and give them instructions and guidelines to indicate what they should do to avoid being infected by malware. Stopping the spread by human intervention is a good start.
Another good investment is to keep our users in permanent training on issues related to the proper use of computer equipment and the care they must have with the data contained therein. They must be aware of the daily risks of attacks like this and we should provide them with information resources so they can be up to date on this issue.
It is always helpful in these cases, and many others, to have the information backups that are up to date. We must establish a culture of regular back ups. Designate at least one day of the week to make the copy of the most important data in your computer and it will give you some advantage over this kind of problem.
We must be capable of detecting infected equipment by having a good and fast way to receive users reports. If we find an infected machine we must remove it from the network to avoid the ransomware to use this computer to spread throughout our network.
I believe that ransomware attacks are nearly impossible to stop. That's why we should take important data protection measures. Government agencies should try to ensure that damage is minimal and data recovery is as quick as possible.
Finally, be conscious that individual collaboration is essential to succeed in every data protection plan. So, let’s make our part!
Sergio Yorick is part of the GovLoop Featured Blogger program, where we feature blog posts by government voices from all across the country (and world!). To see more Featured Blogger posts, click here.