2022 was a breakout year for ransomware and for cyber criminals, with ransomware proving to be a lucrative business that is not expected to disappear anytime soon. While churches and non-profits are not among the top targets of cyber criminals, ransomware can hit anyone and still poses a significant threat, as numerous organizations can testify.
There is no silver bullet that will solve or defend against all ransomware, but here are some steps that you can take to mitigate ransomware attacks.
- Visit only secure websites and always verify the source of an email – A secure URL should begin with “https” rather than “http.” If you are not sure of an email source, verify it before opening and be especially careful if you are opening emails on a mobile device where typically you are more distracted than at the office.
- Implement Multi-factor Authentication (MFA) – 99.9% of all cyber breaches can be prevented and blocked by using MFA since users must provide two or more pieces of evidence verifying their identity. If you have ever tried to sign into an online account and it texted you a special code to enter, then you know what MFA is. MFA is easy to implement and available at little or no charge on many applications.
- Be Aware Of Social Engineering – This is a tactic used by cyber criminals to fool an individual through impersonation with one goal: to extract money or data. One common warning: never transfer money based on an email request. Always verify verbally or follow a two-signature protocol, as you might do with checks.
- Conduct a Risk Assessment – The only way to fully understand how vulnerable you are as an organization is to face your weaknesses head-on. It may be beneficial to hire a professional who can audit your security level and identify your biggest risks.
- Conduct Regular Software Updates – Outdated software is one of the leading causes of security breaches. By keeping your software up to date, you can help protect yourself and your data from these kinds of attacks. If you are not using a piece of software, delete it.
- Manage Your Passwords – With so many separate accounts that require passwords, it is common for people to use the same password across accounts. If hackers steal one and you use it everywhere, they now have access to all the accounts that use the same password. It is vital to use a strong password or even password phrase (passphrase) in combination with multi-factor authentication (MFA). A simple solution is to use a password manager.
- Have An Effective Backup Strategy – Work with an IT provider that will automatically back up your data and assess your systems regularly.
- Strongly Consider a Cyber Insurance Policy – A stand-alone cyber policy is a great financial safety net that victims can fall back on.
By implementing fundamental cyber security controls to prevent cyber-attacks and to minimize the impact and recovery time if an attack occurs, organizations can reduce the risks to their ongoing ministry.