Unser Team besteht aus erfahrenen Juristen, Webspezialisten, IT-Experten, zertifizierten Datenschutz- und Informationssicherheitsbeauftragten. Mit unserer Erfahrung, Expertise und erprobten Verfahren, helfen wir Unternehmen, praxisnahe Lösungen im Bereich Datenschutz und Informationssicherheit zu finden. So helfen wir beispielsweise bei der Umsetzung der DSGVO oder der Einführung von Informationssicherheitsmanagementsystemen (ISMS).
How does ransomware get into the company?
In most cases, cyber criminals use the human factor to smuggle in such malware. Bypassing technical security measures, for example in firewalls, is either not possible or involves a lot of effort due to adequate protection.
Authentic-looking e-mails that are personally addressed to an employee, on the other hand, offer a better option from the attacker’s point of view to allow an employee to unconsciously install malware himself. In many cases, e-mail attachments such as Word files with macros are the starting point. For example, if an employee clicks on an alleged application in the e-mail attachment, the ransomware is automatically activated in the worst case. In a short time all files to which the user has access are unusable. As a rule, these are not just your own files, but also files on network drives that are available to other staff.
Protection against ransomware
In order to protect your company from successful ransomware attacks, a large number of technical measures must of course be implemented within the IT infrastructure. Regular installation of software updates, the use of up-to-date virus scanners or the company-wide deactivation of Office macros can help. Nevertheless, computer viruses such as ransomware are becoming more and more technically mature, so that they may bypass the protective mechanisms of anti-virus scanners. If there is also the fact that employees are not aware of the correct handling of dubious e-mail attachments, it can happen that they unknowingly install the malware themselves. This is possible because, for example, macro elements in Word or Excel files are deliberately activated, although these are not automatically executed by the system.
Ultimately, criminals take advantage of a lack of awareness among employees to attack companies. Here you have to make sure that your employees receive regular training. These should convey the possible dangers as practically as possible. Interactive security awareness training courses help to sensitize your employees sustainably and sufficiently. We are happy to support you in this.
Here you can find out more about our eLearnings or our training courses.