Tag Archives: Alert (TA16-091A)

User awareness training – the forgotten first line of defense in the fight against ransomware

2 April 2016

Ransomware attacks seem to increase dramatically at the moment. In particular hospitals all over the world suffer gravely from attacks. Last Thursday, the governments of the United States and the Canada published the joint Cyber Alert (TA16-091A):

‘The United States Department of Homeland Security (DHS), in collaboration with Canadian Cyber Incident Response Centre (CCIRC), is releasing this Alert to provide further information on ransomware, specifically its main characteristics, its prevalence, variants that may be proliferating, and how users can prevent and mitigate against ransomware.’

In section Solution advice is given for preventing infections and for risk mitigation. To be honest, this alert should be a mandatory reading for all administrators.

But user awareness training is shabbily treated, although it is the first line of defense and training material is available. The Stop.Think.Connect Toolkits offer target group specific training materials and tip cards. In the Industry Employee Tip Card eight simple tips are given, e.g.

  1. Don’t share any of your user names, passwords, or other computer or website access codes.
  2. Only open emails or attachments from people you know.

Let me add my favorite tip:

  1. Don’t use your company username, password and email address for private purposes.

Have a good weekend, and start with awareness training on next Monday.