A cornerstone of any resistance to malware is user education. Administrators and other IT staff often do not fully appreciate how complex computers are for others, because to them computers make sense and are quite simple. The normal user does not feel this way about a computer, so education on how to behave with regard to attacks is important.
Ransomware, like nearly all other malicious attacks, can start with a simple click on an attachment. Some key concepts that all users need to be schooled on include:
- If you do not know the person that is emailing you, do not click on any attachment included in the email
- Verify that the email is valid before clicking on any attachment included in the email (show them how to verify the actual email address)
- Show them how to scan attachments before they open them
- Give them a hotline or email that they can contact if they feel they have a bogus email
- Inform them that even the most basic and inconspicuous icons, graphics, etc. on a web page can include malware code
- Show them how to verify the URL and/or code behind icons, graphics, etc. on web pages
Some feel that “shocking” users with terms, graphs, numbers, and the overall effects of an attack will help them understand the importance of being diligent. However, consider that the user is already overwhelmed by the struggle of simply getting logged in. Throwing too much information at them could really backfire and cause them to not care at all. Baby steps are the best way to approach most users when asking them to help you stay clear of these attacks.