Based on early news reports, it’s possible that another widespread ransomware attack is sweeping the globe. It may spread using the same vulnerability that the WannaCry attack used in May, or it may be a new virus. Either way, if organizations don’t patch their software, they’re at risk. It’s crucial to keep operating systems and other software up to date.
If you’re a computer user, what else can you do to avoid losing access to your data because of a ransomware attack? Back up your files! Here’s a lighthearted reminder that backing up your files is serious business.
Take a quick glance over your mobile apps, see what you have installed there.
- Remove any apps you haven’t been using – they are vulnerabilities for your security and privacy.
- Revoke permissions for apps that require access to sensitive information – why would a flashlight app request access to read your messages, for example?
- Keep your apps updated – this lowers the chances for malware to take advantage of their vulnerabilities.
And remember to never install apps from anywhere but the official app store. On Android, there’s also a setting that blocks apps from third-party sources from being installed.
Do you remember the scam with the Nigerian prince who claimed to be rich and endangered and asked for your money?
Those scams never disappeared; they just evolved into bigger and more complex scams.
They now take the form of contests on social networks, with airlines that offer free tickets or Apple giving away free iPhones. Or videos and eBooks that claim to help you get rich in no time.
Three basic rules:
- If it’s too good to be true, it probably is.
- Nothing in this world is free.
- Always check with at least three trustworthy sources. “Trustworthy” = official website, official social channel (look for the blue check mark), legit media or by directly contacting the company.
Stop comparing yourself to those around you.
So what if they don’t use two-factor authentication?
So what if they don’t pay for a trustworthy antivirus?
So what if they don’t update all their software or back up their data?
You should know better.
Don’t let them influence you or the measures you take in order to protect your data.
- Use a strong, unique password for every website. Yes, that means you’ll have to install and use a password manager.
- Set your smartphone to lock after a short idle time, and set it to require authentication for unlocking. If at all possible, use something stronger than a simple-minded four-digit PIN.
- Never click links in emails or texts that seem to come from your bank, the IRS, or any other institution. If you think the message might be valid, log into your account directly, without using the supplied link.
You’ve probably heard about the study that shows how humans became so distracted because of computers and the internet that we are now competing with the attention span of a goldfish (and the goldfish will probably win in a year or two).
I don’t know how researchers ended up with this conclusion or how they measured it (perhaps they made it watch 50 Shades of Grey?), but I do know that it only takes one unfortunate click to end up with a malware infection.
Stuff not to click on:
- Any short links when you have no idea where they lead.
- Any emails or attachments that you never requested.
- Any shady Facebook apps (especially those that claim to let you see who visited your profile).
Ransomware is a very real threat. Its rapid growth is being driven by the low risk to attackers and good financial returns. We all need to stay ahead of the game. Let’s start now and be safe, not sorry!
How to protect yourself
Recovering files from ransomware is impossible without the attacker’s approval, so you need to avoid data loss in the first place. The best thing you can do is practice good “digital hygiene”:
- Don’t fall prey to social engineering or phishing, which is where an attacker attempts to have you reveal sensitive information to them. If you receive a suspicious email from your grandma or work colleagues, ask yourself whether it’s unusual before you click. If you’re not sure, contact the sender via a different medium, such as giving them a phone call, to cross-check.
- Don’t install any software, plugins or extensions unless you know they’re from a reputable source. If in doubt, ask and only rely on trusted download sources. And certainly don’t be tempted to pick up USB sticks found on your pathway.
- Update your software (including your operating system, web browser and other installed software) regularly to ensure you are always running the latest versions.
- Back up! Important documents need to be treated like valued possessions. Grab a handful of USB keys and rotate your backups daily or weekly, and don’t leave USB keys plugged in (current malware strains can scan removable USB disks). Having multiple copies means the adversary’s effort to hold you to ransom is pretty much worthless.