Ransomware and Malware Prevention is About User Training, Not Technology

Ransomware and other types of malware arrive on computer networks from several different sources.  Some of it is downloaded via links in phishing emails, which are designed to look like they are legitimate but are not.  Some links arrive through malicious websites or web advertisements, which download the malware files.  Some malware even comes onto the network through flash drives employees use to move files from a home computer to a work computer.

user training

One thing that all of these sources have in common, however, is that they’re much less likely to cause ransomware infections if your employees are trained on what to avoid when using their computers.  According to a recent Datto study, over one-third of technology companies felt that poor user training was the leading cause of ransomware distribution.

Just how badly is user training needed?  A Verizon study from a couple of years ago found that 11 percent of people open phishing attachments, and it takes only 82 seconds for a phishing campaign to ‘hook’ its first victim.  People have likely gotten a little better than they were in 2015 about asking questions before they open attachments – but even if that number was cut in half, virtually every company would have an employee opening attachments to phishing emails every month!

To avoid this fate, train your users on the signs of a phishing attempt, and what to do to stay safe.  Here are a few examples users should know about.

Be skeptical of non-standard domains. 

If a link claims to be to Amazon, make sure it’s to Amazon.com, not Aamazon.com, or Amazon-us-store.com.  These types of websites are set up to look legitimate but often are not.

Look out for grammar mistakes.

Cybercriminals can write brilliant code, but many of them are terrible with the English language.  If a major company is sending you an email, it’s not going to have egregious spelling or grammar mistakes.

Be wary if the message is unlike any you’ve gotten from that sender before.

If you’ve gotten an email from the Human Resources department, and it’s the first one that’s ever been signed “Thanks, HR” instead of a person’s name, that’s a bad sign.  The same is true if it’s coming from an internal email address you’ve never seen, such as HR@Company.com.  Don’t open these types of emails until you ask if they were sent by someone in your company first.

To learn how WingSwept can help keep your users up-to-date on phishing techniques without taking any time from their day, call us at 919.779.0954 or email Team_WingSwept@WingSwept.com and ask about our Managed Services offering.