Ransomware attacks have become an important issue for companies over the last few years. Hackers use this type of malicious software to encrypt the data of one or more computers and block companies from accessing their IT system. They then demand a ransom in exchange for the data.
Ransomware is a virus introduced into servers via email, a USB key, or any external component that can access a workstation or server. This can result in serious consequences for companies:
- Loss of money: the ransom amount for retrieving data varies, and it is often demanded in Bitcoin, a virtual currency that is very difficult to trace. The costs related to downtime and the retrieval of data can also quickly add up.
- Loss of time: the retrieval of data can be long and difficult, especially if the recovery plan is not up to date.
- Loss of data: encrypted data can't always be retrieved.
No company is safe from emails containing ransomware. This type of IT disaster affects not only big companies, but SMBs too, which is why it is essential to know how to prevent this sort of situation.
The issue of employee access management
Ransomware is often introduced into a computer by way of an email attachment or a USB key, or after a user visits an infected website. For example, if an employee opens an email containing a virus in Hotmail on his or her professional computer, the virus risks spreading to all the company's servers.
In this digital age, more and more employees are pressuring their employers for the freedom to check their personal emails or browse social networks on the company's computer systems. This situation constitutes an important security vulnerability, since one of the main sources of ransomware attacks is employees checking personal emails at work.
In order to reduce risks, some companies restrict access to certain people, using a password for example. However, granting access is a flaw in itself, because all an authorized user has to do is open an infected email for the virus to spread to the whole network. Besides, access management is very complex and requires a structured approach to protect information from users adequately. Access management should therefore not be the only solution, but rather one part of the general security plan.
An internal policy on Internet and workstation use can also help raise employee awareness of the dangers of using their computer for personal reasons. It also supports IT security efforts.
This being said, although these good practices help reduce risks and are essential for a company's security, they are not effective against the opening of emails containing ransomware.
The test infrastructure (Sandbox): an effective solution against email ransomware attacks
One of the best solutions for detecting emails containing ransomware is undoubtedly the use of a test infrastructure (Sandbox). It acts as a security zone where everything that enters a company's servers is filtered and analyzed so that nothing malicious comes through. The test infrastructure studies the behavior of a piece of software, an email, or an application before it appears on the computer network, and prevents it from affecting the computers and servers. The test infrastructure's role is therefore to run programs in a closed zone, with no risk to the IT environment.
A test environment is a good option for companies that want to give their employees greater Internet access. This way, companies limit the risk of an employee spreading a virus to the whole IT system; if the security server detects anything malicious, it won't even enter the system.
Want to reinforce your security plan regarding access and the opening of emails? Plan a meeting with an expert in infrastructure and IT security.