Ransomware & Phishing - Keeping your account secure
A new wave of phishing and ransomware e-mails is targeting organisations across the country. Find out how you can keep your account safe!
Steps To Take To Protect Your Data
We have recently seen an increase in the number of ransomware and phishing attacks targeted at schools. Ransomware encrypts files on a PC or network folder, making them unreadable, and then demands a sum of money be paid in order to release the files. If the fee is not paid, the files are often unrecoverable. In our setting, a ransomware attack could encrypt the shared area and your documents. Should your credentials become known to malicious users, the data we hold could be vulnerable to attack. This could lead to a data breach under GDPR legislation. We therefore need staff to be vigilant.
Preventing Data Loss
The attack will usually arrive as an attachment to an email, or a link to a website. The email may look genuine and appear to be from somebody you know. Please ask yourself the following questions if you have a suspicion.
Were you expecting the email?
Is the email worded any differently to other correspondence you have had with that person?
Are there any obvious spelling or grammatical errors that may cause you to doubt the source of the email?
Does the e-mail address match the user's normal address, and is it written in a way you would expect based on previous conversations?
Does the login page look familiar or is something not quite right?
If you are in any doubt at all, contact IT Support, and under no circumstances open the attachment or click the link. You may also contact the sender to confirm the message is genuine, but do so using an email address or phone number you know to be valid, not via the “reply” button.
Since the introduction of GDPR, more and more of us access secure e-mail services as part of our roles. Hackers are aware of this and now design fake portals to trick you into entering your login details. When accessing a secure portal, check the website address is verified and the certificate is secure. It’s also important to check that the website address matches the service you are planning to use. If you are unsure or haven’t used a service before, speak to your IT team to verify the authenticity of the page. Never enter your credentials into a page if you are not expecting a secure email.
If you have entered your credentials by mistake, there is no need to panic. The most important thing is to immediately contact your IT team, so that your account can be secured. Early notification is the most important part, as it allows us to restrict the hackers' access to your data. Most recently, hackers have accessed email addresses and forwarded or replied to existing conversations.
Threats are also targeted at home users. A police-badged “pop-up” may appear advising you that your computer has been locked and you need to pay a “fine” in order to avoid prosecution. It is worth making sure that you have an up-to-date backup of any files on your personal computer. Once ransomware has encrypted a computer, the data is irrecoverable.
If you have any questions or concerns, please get in touch with us. We are happy to provide advice and guidance, as improving security benefits all internet users. In order to make sure your organisation is prepared, take a look at some of the services we provide.
What precautions can we put in place?
You should speak with your IT professionals to implement a level of security that is appropriate to the needs of your organisation. This will depend on the amount of personal data you hold, your budgets and the types of threats you face. It’s important to get the balance right, and there is always a trade-off between user inconvenience and data protection.
If you would like to arrange a free security audit, please get in touch with us. Our experience of providing secure network solutions and GDPR consultancy makes us the perfect choice to report on your current solution.
Do we use two factor authentication to secure our accounts?
Are the administrator accounts appropriately secured?
Do we have sufficient ransomware and anti-virus protection in place?
What backup strategies do we have in place?
Do we know what constitutes a data breach and how we would investigate?
Our team are experienced in the deployment, monitoring and daily usage of advanced security solutions. Whether you are looking for some impartial advice to set you on the path to compliance, or a full installation, we are here to help. Find out more about what we offer by clicking here.
Education Support Contracts
We offer bespoke support contracts around the needs of your organisation. With our experience based primarily in education settings, we can help bring your school up to scratch. We also work with multi-academy trusts to help set the vision for your organisation. Find out more about our services for schools, or academy trusts.
Data Protection (GDPR)
If you’re struggling to get your head around data protection compliance, or need help with your data auditing, our team are here to help. We can provide you with a set of compliant policies, and work with you to design your privacy notices. Find out more here.
What People Are Saying
The Little IT Company have been invaluable since they started with us. I really do not know what I would do without them. I hope they stay for years to come.
The Little IT Company are our recommended suppliers. They are fast and responsive and even host our website as our previous supplier did not meet our needs.
We're Here To Help!
Lancashire, WN2 2HF