The recent ransomware attack on a Los Angeles hospital sent a shock wave through the information security industry. (http://techcrunch.com/2016/02/17/la-hospital-servers-shut-down-by-ransomware/) Hopefully, the misfortune of Hollywood Presbyterian Medical Center will serve as a warning for everyone that handles personal data, both institutions and individuals.
What is Ransomware?
Ransomware is a malicious form of computer hacking that locks a user out of their own computer or files. The user’s data is encrypted, and the hacker then sells the encryption key to the user, holding their data for ransom. These attacks are more sophisticated than the Nigerian prince phishing emails of the past (http://www.ic3.gov/preventiontips.aspx#item-12). A public service announcement from the FBI states that ransomware losses exceeded $18 million from April 2014 to June 2015.
Online students need to be especially careful. A ransomware hack right as a term paper is due or right before an online exam would be disastrous. And when an FBI expert advises end users to pay the ransom, (https://securityledger.com/2015/10/fbis-advice-on-cryptolocker-just-pay-the-ransom/) what is an end user supposed to do?
The good news is that protecting yourself is simple and straightforward.
Follow the basic rules when using email: don’t open or download attachments, especially from senders you don’t recognize. Dwight Robinson, Information Security Analyst at Wilmington University, also suggests that online students be careful not to open emails with embedded links, and pay attention to the fonts and also the grammatical errors in the email. Robinson says, “Invest in a good antivirus like Sophos, McAfee, Malwarebytes or Trend Micro. Invest in an external drive, so later you won’t have to pay.”
The other way to protect yourself: Backup, backup, and backup.
If you don’t have a backup routine established, now is the time to get started. Online students especially need to keep private backups, as Wilmington University online courses are periodically removed from the system (http://www.wilmu.edu/blackboard/students/studentfaq.aspx#Remove) Here are some recommendations for creating your own backup procedure:
Backup regularly. Set aside time and put the backup task onto your calendar.
Backup wisely. If you have many important documents that you edit regularly, back up the documents daily. A complete system backup can be done less frequently.
Mix up your backup technologies. A cloud backup is a great idea, but don’t stop there. Use an external hard drive, dvd, or flash drive to keep backups, too.
Mix up your backup location. If you are in a flood prone area, lose electricity on a regular basis, consider leaving a physical backup at a remote location. Backup your files to an external drive or media and leave a copy with a friend or parent.
Once you have a backup routine established, test it out. Double check that you can reboot or read the files on your backup.
Hopefully, you’ll never encounter ransomware and you’ll recognize a suspicious email when you receive one. But with a backup routine in place, you can protect your data, your time, and your hard earned money.
Dr. Mark Hufe, Wilmington University’s Director of Cyber Security, has additional tips on what you can do to protect your data, minimize vulnerabilities and ward off threats, both at work and at home.