Why Your Employees Are Your Biggest Threat In A Ransomware Attack

Ransomware is a risk that too many businesses still ignore or underestimate despite the frequency and impact of attacks. Thanks to the increasing sophistication of cybercriminals, these days your employees are your biggest threat in a ransomware attack.

Security standards such as firewalls and antivirus software will not protect you from ransomware attacks via phishing emails or social engineering scams. Untrained employees clicking on fake emails or providing their login information or other sensitive business data can leave you vulnerable to a raft of damaging ransomware attacks.

What Is Ransomware

Ransomware is a type of malicious software that cybercriminals use to prevent access to your systems or computer files unless you pay a fee, often in the form of untraceable cryptocurrencies such as Bitcoin. It requires minimal technical expertise, is low cost and can result in significant financial harm and severe reputational damage.

Recovering from ransomware is almost impossible without comprehensive backups, which is why taking steps to protect yourself is so important. Learn more about ransomware and how it works.

Increasing Sophistication of Ransomware

Modern cybercriminals can be incredibly clever, crafting fake emails that look legitimate. Whether it’s a genuine-looking message from a bank advising your account is overdrawn, a major brand asking you to reset your password, or even a delivery company asking you to confirm delivery information, the email can look the same as the real thing, down to logos, names and signatures.

If the email recipient isn’t paying attention to details or is naïve or untrained in basic cyber safety, they will click on the link and action the request. Firewalls won’t recognise the phishing email as a threat, and antivirus software won’t be able to protect your systems.

More frighteningly, a ‘spear phishing’ or targeted phishing attack can make employees (and your business) even more vulnerable. Spear phishing involves a hacker researching a specific target employee and then designing their message specifically for them, making it look genuine.

For instance, an employee may receive an email from what appears to be a payroll or HR employee, requesting they verify account information. Or it could be a fake message from the business owner or director, with a copied domain and signature.
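The spear-phishing pattern described above (a trusted internal name paired with a copied domain) can be checked for in message headers. The following is an added example, not part of the original article; the organisation domain, the protected names and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organisation's real domain and the
# display names of staff who are commonly impersonated.
ORG_DOMAIN = "acme.example"
PROTECTED_NAMES = {"jane director", "payroll", "hr team"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-copies of the real domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_flags(raw_message: str) -> list[str]:
    """Return reasons the From/Reply-To headers look like impersonation."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    if domain != ORG_DOMAIN:
        # A domain one or two edits away from the real one is a likely copy.
        if 0 < edit_distance(domain, ORG_DOMAIN) <= 2:
            flags.append("lookalike-domain")
        # An internal-sounding display name on an outside address.
        if name.strip().lower() in PROTECTED_NAMES:
            flags.append("internal-name-external-domain")
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_addr.rpartition("@")[2].lower()
    if reply_domain and reply_domain != domain:
        flags.append("reply-to-mismatch")
    return flags


# Constructed sample messages (not real mail). "acrne" imitates "acme".
SPOOFED = (
    "From: Jane Director <jane@acrne.example>\n"
    "Reply-To: jane.director@mail.test\n"
    "Subject: Please verify your payroll details\n\nHi, ..."
)
GENUINE = "From: Jane Director <jane@acme.example>\nSubject: Team lunch\n\nSee you there."

if __name__ == "__main__":
    print(sender_flags(SPOOFED))
    print(sender_flags(GENUINE))
```

A check like this belongs at the mail gateway or in a reporting add-in, where flagged messages can be tagged as external or quarantined before staff see them.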

Cost of Ransomware

According to CrowdStrike chief technology officer Michael Sentonas, the nature of ransomware attacks has changed in recent years.

“The days of paying a few hundred dollars to get your documents back have long gone,” he said. “The average cost has grown significantly. I’ve seen examples of attacks with demands of $US5 million, and people are paying it.”

Sophos recently released its global survey, ‘The State of Ransomware 2021’, which reveals that the average cost of recovery from a ransomware attack for an Australian or Asia-Pacific business has more than doubled in a year, increasing by more than $1 million, to a staggering $2.3 million in 2021.

Educate Your Staff about Cybersecurity

As well as implementing best-practice cyber security ransomware protections, employee education is your best defence.

Implement thorough and regular employee training to ensure your employees are ‘cyber smart’ and aware of what a phishing attack may look like. Obvious signs are poor grammar, incorrect spelling, and threatening language. More sophisticated attacks use techniques such as sending an unpaid invoice, which an unsuspecting employee may be more likely to open.

Read our top tips for educating employees about cyber security.

Test Your Systems and Employees

Regular testing and training for staff have proved to help beef up cybersecurity for businesses, with many companies seeing dramatic improvements in as little as three months.

Continued training and phishing simulation emails help keep staff alert and on their toes when it comes to recognising scam emails.

Stay Informed

The best defence is a strong offence when it comes to protecting your business from ransomware attacks. As well as implementing best-practice cyber security and employee education programs, keep up to date with the latest cyber security news and practices and understand how to identify and respond to a ransomware attack if the worst were to happen.

Seek Expert Assistance

If your business lacks the skills or resources to effectively manage your cyber security and educate your employees, Surety IT can help you create a cyber security strategy, implement effective systems and procedures, and conduct employee education programs to help protect your business.

Contact Surety IT today to discuss how we can help protect your business from ransomware and other cyber security threats.

About the author:

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face-to-face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in-house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.