Ransomware is not a new idea, but it’s a growing threat to all organizations. It’s a type of malware that prevents you from accessing your data until you pay a ransom. This is a big deal for businesses because sometimes the data that is locked up contains personal customer information or the data is critical to everyday operations. That’s why many organizations have been forced to pay up. Healthcare organizations have been in the spotlight for recent ransomware attacks, but no organization or industry is immune.
Education Is Biggest Target for Ransomware in 2016
According to a 2016 BitSight Insights Report, an estimated 4,000 ransomware attacks have occurred every day since the beginning of 2016. These attacks are becoming more and more common across all industries. The report looked at nearly 20,000 companies in several industries, including healthcare, retail, government, finance, and education. Surprisingly, education is the most likely target for ransomware at the moment. The report showed that 13 percent of organizations in the education industry were attacked by ransomware over the past year while 3.5 percent of healthcare organizations were attacked.
It makes sense that organizations with low budgets, such as those commonly found in the education industry, would be the main target of malware. Sometimes they don’t have the IT funds to fully protect themselves, and many education organizations store a plethora of personal information for both students and staff, including social security numbers, medical records, and financial information. On top of that, the heavy levels of file sharing in education make them an even bigger target.
Damage Caused by Ransomware
Ransomware can do some scary stuff. It can encrypt files on your computers or servers so that data cannot be accessed without the decryption key. This is a big deal for many organizations that cannot continue operating without their data. Ransomware can also threaten to steal or release personal information that is stored in your data. This results in business downtime and monetary damage. The situation is complicated by the fact that ransomware can travel through an infected server or network and affect multiple people or organizations.
Many high-profile businesses and organizations have been the target of ransomware attacks, such as the New York Times, BBC, and AOL. Some organizations have decided to pay the ransoms while others have not. However, the healthcare industry has gotten a lot of bad publicity for ransomware because of potential HIPAA violations for not paying, in addition to the vast number of people who were affected. At the beginning of 2016, several hospitals faced ransomware attacks. It’s definitely a concern in healthcare, but organizations in all industries need to be prepared for ransomware.
How to Protect Your Organization from Ransomware
Unfortunately, ransomware is constantly evolving; therefore, your organization is never completely protected. However, there are steps you can take to make yourself less of a target. Prevention is the best method of defense against ransomware.
An important step to take against all types of malware is to upgrade your security software. You also need to ensure you have backup copies of all critical data and store the backups in a separate location. When possible, minimize file sharing in your organization, teach employees about email phishing scams, and establish rules about which websites are OK to visit on organization computers.
Ransomware is not going away anytime soon. You need a strategy to protect your organization or be prepared to spend a lot of money to fix the problem in the event of an attack. You need to be prepared whether you’re in the healthcare industry or not.
Image via Flickr by Mike Licht, NotionsCapital.com