Essay Sample on Ransomware & Phishing: How to Protect Your Data

Introduction

Ransomware refers to a form of malicious software the hackers use to bar a user from accessing the information on the system. These hackers encrypt a file on the user's system, add an extension to the data, and hold it until the payment of a ransom. Phishing refers to a cybercrime where the targets are contacted by email, phones, or SMSs by someone acting as a genuine establishment to trap individuals into providing confidential data including passwords, and credit/debit card information. This paper will analyze the various impacts the two can have on the employees, the risk it can pose to the organization, and the recommendations which can be used to curb their effects.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Ransomware and phishing are a common occurrence in workplaces in modern times. The users are blocked from accessing the system's data and are demanded to part with a certain sum to re-access the files. The employees might be decoyed to share sensitive credentials in exchange for data access via spam messages (Al-rimy et al., 2018). Organizations, are at the risk of losing valuable data, which may be used negatively against the company. Dangers also include loss of productive time, loss of finances in tackling the security breach, network modification, and legal fees (Center for Internet Security [CAS], 2017). Access to employee credentials, in sensitive areas of the organization, might lead to financial and organization's sensitive data loss.

Ransomware is spread via phishing messages, which comprises of the malicious attachments, through downloading files from untrusted sites, or drive-by-download. The drive-by download refers to a situation where a user unsuspectedly visits an infected website causing the malware to download automatically and self-install without the user knowledge (Mansfield-Devine, 2016). With the rise of social networks, a majority of the people are targets of spammed messages and promotional messages on their phones and computers. Upon receipt of the spams, employees might be tempted to open, leading to malware preinstalling within the system, causing an invasion of the internal workplace network.

To mitigate these risks, a few recommendations should be implemented. These include securing the networks by having an incident response plan, which recommends what should be done before, during, and after the attack (Richardson & North 2017). The organization should always have data backup in independent physical disks and secure cloud storage, such that in case of an attack, data can be retrieved without halting operations or engaging the cyber attackers. Premium anti-malware and antiviruses should be installed and enabled, regularly updated, and at the same time conduct a regular check on the networks and system to detect any possible attack (Richardson & North 2017). By using proxies, the organization should restrict access to the internet and consider installing ad-blockers in the system.

The second approach should include securing the end-user by providing the employees with training, social engineering, and phishing training (CAS, 2017). The employees should be discouraged from opening suspicious files and emails and be cautious or blocked from visiting any unknown websites. The users should close the tabs of their browsers when they are not using them. The users should have a reporting plan, which makes the process of reporting any suspected activity known and easy. Upon detecting an attack, the infected system should be disconnected to prevent the spread, determine the affected data to assess the possible mitigation procedure. System should be restored and infection reported (CAS, 2017).

Conclusion

In conclusion, ransomware and phishing are commonplace in the contemporary digital world due to the rise in the use of technology in workplaces. The two are interdependent in that one is initiated by the other. The risks associated with ransomware and phishing are damaging to the company and may set a company back with losses involving confidential data, and finances. Thus, the companies should put up measures to mitigate these risks by securing the network, training the employees, and having a well-planned responding strategy.

References

Al-rimy, B. A. S., Maarof, M. A., & Shaid, S. Z. M. (2018). Ransomware threat success factors, taxonomy, and countermeasures: A survey and research directions. Computers & Security, 74, 144-166.

Center for Internet Security. (2017, May 18). Ransomware: Facts, Threats, and Countermeasures - CIS. CIS. https://www.cisecurity.org/blog/ransomware-facts-threats-and-countermeasures/

Mansfield-Devine, S. (2016). Ransomware: taking businesses hostage. Network Security, 2016(10), 8-17.

Richardson, R., & North, M. M. (2017). Ransomware: Evolution, mitigation, and prevention. International Management Review, 13(1), 7-10.