Your Employees are Clicking on Harmful Links

The reality of Internet use in 2017 is that there are infections everywhere, and we can’t count on automated tools or antivirus software to keep all of them out.  Even more concerning is that company employees are the ones who are “letting” the bad guys in.  End-user education must be an ongoing process for all of us, and I emphasize ALL.

Consider the findings of a 2016 “State of Ransomware” study commissioned by Malwarebytes and performed by Osterman Research: a survey of 540 CIOs, CISOs, and IT directors from companies representing 5,400 employees.

The study of 540 CIOs, CISOs, and IT directors found that nearly 40% of companies had experienced a ransomware attack in the last year. Of these victims, more than a third lost revenue, and 20% had to stop business completely. The scariest number is that 40% of the attacked companies had to pay the ransom. If you are in the healthcare or financial services industry, 39% of all attacks target your company.

Training Your Employees is a Must

The study found that 25% of incidents involved senior and C-level executives. For this reason, the emphasis must be on keeping ALL of us vigilant.

When an end user has received a single training session on how to recognize phishing emails, the infection rate drops from more than 30% to less than 2%! Consider that the average cost of an infection is more than 9 hours of repair work or paying a ransom of one bitcoin, which today is around $500.

End-user training doesn’t have to be complicated or expensive. Most of us are already wary of an email asking us to cash a check for some guy in Nigeria or the one from the “IT” department asking us to confirm our network credentials by clicking “here”. The trick is to continue to reinforce the fundamental lessons we have learned.

Here at CSI, we have been using an extremely effective phishing test solution that also provides for end-user training. The results I mentioned above are what we are experiencing. Your users can go through the material at their desk, at their own pace. Using a common-sense approach and non-technical language, this solution works for all users and job types.

Training is Part of a Comprehensive Plan

The Osterman Research study also found that the same CIOs and CISOs who were surveyed were hedging their bets against another infection by implementing disaster recovery solutions that could give them a point-in-time backup image of their data.

At our recent Lunch and Learn, Special Agent Jake Foiles shared that many online backup programs are being attacked by ransomware and may be deleted. Having off-site backup is critical for protecting your company.

We currently have more than 70 image-based backup servers deployed, and the average recovery time for a ransomware server infection for our clients is less than four hours! That’s half as long as the experts say most infections take to remove. And the best part is that you’re not paying some Internet criminal to get your data back!

One Sheet of Paper Can Get You Started

To start your team’s training, we created this infographic to share with them. It will show them what to look for when they receive an email.