Ransomware is malware that denies users access to their own device. It is increasingly showing up on mobile devices. Mobile ransomware infects the victim's phone by blocking access to apps while displaying a message explaining how to pay the demanded ransom. Various forms can lock the keys and replace the home screen with fraudulent official warnings which state that the ransomware recipient broke the law by visiting illegal websites. The ransomware shows screenshots from the illegal website and the user's browser history, and demands a $500 fine. Attackers are indiscriminate in selecting victims, who simply need to click on the wrong link on a smartphone to be infected.
To defend your agency's devices from ransomware and other malware:
- Password protect devices.
- Update software regularly. Malware is constantly being modified and improved. Outdated software simply won't stand up to more advanced malware.
- Avoid questionable downloads. If you don't trust the source of a download, don't download it. Otherwise, you're inviting an attack. Beware of app reviews; many fake ones seek to give you confidence in malicious apps.
- Employ mobile security. You may have the latest spyware and virus blockers on your agency desktops, but do employees have the same on their tablets, phones, and other portable electronics? If not, once connected to your network, these devices may leave it vulnerable to breaches. Establish mobile and employee owned device policies to make certain employees don't create unguarded network access points.
- Don't allow employees to access sensitive data through unsecured connections, such as a local fast-food franchise's or coffee shop's free Wi-Fi. Public Wi-Fi hotspots are especially prone to malware.
- Use encryption software. Unencrypted company devices can be "mined" for company data and information for sale to competitors and provide easy access into company files and email. Enforce encryption policies to mitigate this risk.
All information provided in this blog is for informational purposes only. The sources used are presumed accurate. CalSurance Associates, Brown & Brown Program Insurance Services, Inc. and Brown & Brown, Inc. will not be liable for any errors, omissions, losses, injuries or damages arising from its display or use and will not assume responsibility for any misguided information. No guarantees are implied.