15 ways to minimize risk of ransomware attacks on your HRMS
Ransomware is an increasingly big problem for enterprise software and for organizations in general, but there are a number of basic security precautions you can take to protect your HRMS data from malicious attacks.
What is ransomware?
Ransomware is software – or more accurately, malware – that encrypts your data, effectively blocking you from accessing it. You then receive a ransom note demanding a sum of money in exchange for the key needed to decrypt it. Of course, there is no guarantee that your data will be unlocked if you pay. Depending on the value or saleability of the data, it might also be offered to other ‘buyers’. For a more detailed explanation, start with Wikipedia.
Prevention is better than cure
To prevent a ransomware attack, the following tactics will all reduce your risk:
1. Don’t open attachments or click on links in emails from unknown sources.
2. Train ALL your staff in basic HRMS security, especially the above point.
3. Install reliable, paid-for antivirus software.
4. Back up every day, including any information kept on employee-held devices. Backing up is the best defence.
5. What’s more, back up to a secure and off-site location – they may lock you out of one system but it’s unlikely that they’ll lock you out of both. The off-site copy should not be permanently mounted or writable from your normal network, otherwise ransomware that reaches the network can encrypt the backup along with everything else; verify that each copy actually restores rather than assuming it does.
6. Segment the network – if all your data is in one place, accessible by everybody, you’re at risk.
7. Hire outside consultants to carry out vulnerability/penetration testing on your system.
8. Some ransomware comes via malicious online ads – use an adblocker.
9. If you use Dropbox, Google Drive or a similar cloud file sharing tool, ensure that the application does not turn on by default. Access them when necessary to sync files and then close them down.
10. Keep your operating system and all software up to date, especially the security updates.
11. Restrict your own HRMS security settings. Yes, somebody has to be the system administrator, but if that account is compromised in any way, the hacker then has administrator access. One solution is for administrators to use a ‘regular’ account for everyday use, only logging in as an administrator when those additional access privileges are required.
12. If you don’t use macros in the Microsoft Office suite of applications, turn them off.
13. Many experts recommend removing plugins such as Adobe Flash, Adobe Reader, Java and Silverlight from browsers – again, if you don’t use them, there’s no point in running the risk they present.
14. Have an HRMS security strategy prepared for if the worst happens; in particular how you will rapidly communicate the problem to all relevant staff.
15. If a machine does become infected by ransomware, remove it from the network immediately.
16. Finally, once more, for emphasis, never, ever open attachments or click on links in emails from unknown senders, or even open emails that are obvious spam.
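Tips 4 and 5 above only pay off if the backup is proven intact, exists in a second location, and can survive the primary copy being damaged. The following script is an added example, not code from the original article: it archives a directory, records a SHA-256 checksum, test-restores the archive, copies it to a separate off-site directory and re-verifies it there, and then applies retention. The directory names, the `hrms-<date>.tar.gz` naming scheme and the sample records in `demo()` are all assumptions constructed for the example; it uses only the Python standard library.

```python
"""Daily backup with integrity check, off-site copy and retention (added example)."""
import hashlib
import shutil
import tarfile
import tempfile
from pathlib import Path
from typing import Optional


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large archives need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def sidecar(archive: Path) -> Path:
    """Checksum file stored next to the archive, e.g. hrms-2024-01-01.tar.gz.sha256."""
    return archive.with_name(archive.name + ".sha256")


def create_backup(src_dir: Path, dest_dir: Path, stamp: str) -> Path:
    """Archive src_dir into dest_dir/hrms-<stamp>.tar.gz and write its checksum sidecar."""
    dest_dir.mkdir(parents=True, exist_ok=True)
    archive = dest_dir / f"hrms-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src_dir, arcname="hrms")
    sidecar(archive).write_text(sha256_of(archive))
    return archive


def verify_backup(archive: Path, src_dir: Optional[Path] = None) -> bool:
    """A backup is only a defence if it restores: check the checksum, extract into a
    scratch directory, and (when src_dir is given) compare every file byte-for-byte."""
    side = sidecar(archive)
    if not side.exists() or sha256_of(archive) != side.read_text().strip():
        return False
    try:
        with tempfile.TemporaryDirectory() as tmp:
            with tarfile.open(archive, "r:gz") as tar:
                try:
                    tar.extractall(tmp, filter="data")  # safe-extraction filter, Python 3.12+
                except TypeError:
                    tar.extractall(tmp)  # older interpreters without the filter argument
            if src_dir is not None:
                for f in src_dir.rglob("*"):
                    if f.is_file():
                        restored = Path(tmp) / "hrms" / f.relative_to(src_dir)
                        if not restored.exists() or restored.read_bytes() != f.read_bytes():
                            return False
    except (tarfile.TarError, OSError):
        return False
    return True


def copy_offsite(archive: Path, offsite_dir: Path) -> Path:
    """Second copy in a separate location, verified again there rather than trusted."""
    offsite_dir.mkdir(parents=True, exist_ok=True)
    target = offsite_dir / archive.name
    shutil.copy2(archive, target)
    shutil.copy2(sidecar(archive), sidecar(target))
    if not verify_backup(target):
        raise RuntimeError(f"off-site copy failed verification: {target}")
    return target


def prune(backup_dir: Path, keep: int) -> list:
    """Keep the newest `keep` archives (date stamps sort lexically) and delete the rest."""
    archives = sorted(backup_dir.glob("hrms-*.tar.gz"))
    removed = []
    for old in archives[:-keep] if keep > 0 else archives:
        old.unlink()
        sidecar(old).unlink(missing_ok=True)
        removed.append(old.name)
    return removed


def run_backup_cycle(src: Path, primary: Path, offsite: Path, stamp: str,
                     keep: int = 7, offsite_keep: int = 30) -> dict:
    """One daily cycle: archive, prove it restores, copy off-site, apply retention."""
    archive = create_backup(src, primary, stamp)
    if not verify_backup(archive, src):
        raise RuntimeError(f"fresh backup failed restore test: {archive}")
    copy = copy_offsite(archive, offsite)
    return {"archive": archive.name, "verified": True, "offsite": copy.name,
            "pruned_primary": prune(primary, keep),
            "pruned_offsite": prune(offsite, offsite_keep)}


def demo() -> dict:
    """Three daily cycles over constructed sample data, then corrupt the primary copy
    of the newest archive to show that the off-site copy still verifies."""
    with tempfile.TemporaryDirectory() as root:
        src, primary, offsite = Path(root, "hrms-data"), Path(root, "backups"), Path(root, "offsite")
        (src / "payroll").mkdir(parents=True)
        # Constructed sample records, not real employee data.
        (src / "employees.csv").write_text("id,name,dept\n1,A. Example,Payroll\n2,B. Sample,Benefits\n")
        (src / "payroll" / "2024-01.json").write_text('{"run": "2024-01", "total": 0}')
        cycles = [run_backup_cycle(src, primary, offsite, stamp, keep=2)
                  for stamp in ("2024-01-01", "2024-01-02", "2024-01-03")]
        latest = primary / "hrms-2024-01-03.tar.gz"
        damaged = bytearray(latest.read_bytes())
        damaged[len(damaged) // 2] ^= 0xFF  # simulate the primary store being tampered with
        latest.write_bytes(bytes(damaged))
        return {"cycles": cycles,
                "primary_after_tamper_ok": verify_backup(latest),
                "offsite_still_ok": verify_backup(offsite / latest.name, src),
                "primary_archives": sorted(p.name for p in primary.glob("hrms-*.tar.gz")),
                "offsite_archives": sorted(p.name for p in offsite.glob("hrms-*.tar.gz"))}


if __name__ == "__main__":
    print(demo())
```

In `demo()` the primary store keeps two days and the off-site store keeps the default thirty, so after three cycles the oldest archive is gone from the primary location but still present off-site, and corrupting the newest primary archive makes `verify_backup` fail for that copy while the off-site copy still passes the full restore comparison. In production the off-site directory would be a separate system that the backup host can write to only at backup time.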