By Tatum Hunter, Washington Post, July 8, 2021|

When a security vulnerability at IT software-maker Kaseya led to a ransomware attack that affected 800 to 1,500 businesses, it wasn’t one employee’s fault.

But that’s not always the case.

Ransomware, which locks down a target’s computers and data, can infect a network a few different ways, including through employee accounts. Click the wrong link, open the wrong attachment or log into the wrong website, and you could put your company in a perilous position.

Depending on their roles, some employees find their inboxes flooded with hundreds of phishing emails designed to steal the recipient’s credentials, says Ryan Kalember, executive vice president of cybersecurity strategy at security firm Proofpoint. That requires constant attention, especially as ransomware attacks become more frequent and their demands more intense. The average ransomware payment has nearly tripled so far in 2021 compared to last year, with targets doling out about $850,000, according to a report by Palo Alto Networks.

“If you have a word like ‘accounts’ in your title, you will be attacked more,” Kalember says.

And that doesn’t mean others should let their guards down. Plenty of firms don’t have the resources to invest in frequent training, software upgrades and security systems — so employees become the first line of defense.

Luckily, conning people is an ancient art, and ransomware groups aren’t breaking new ground. Phishing emails aim for an emotional reaction, says Palo Alto Networks Deputy Director of Threat Intelligence Jen Miller-Osborn. These messages pull busy employees in with promises of money, important company secrets and even cute animals pictures.

Keep an eye out for these phishing red flags to avoid ransomware and cover your behind.

Here’s how employers can help individuals guard against phishing and ransomware:

Train employees to spot phishing attempts

Employees need frequent training to keep up with the evolving format and content of phishing emails. One study from a few German universities found employees’ ability to identify phishing attempts drops just six months after their initial training, and that video and interactive training courses are most effective.

Authenticate your corporate email domain.

This blocks the delivery of messages from fraudsters pretending to be a member of your organization. Check with your email service provider, like Microsoft Outlook or Google, to get started. You should also attach warnings to emails coming from external senders or containing links or attachments — both Outlook and Gmail offer this feature.

Clarify what employees should do if they click a suspicious link or attachment.

If people are afraid to report or don’t know how, they probably won’t do it. Make sure reporting procedures are outlined in your company’s security policy. Kalember recommended automated reporting, which lets employees report malicious email with the click of a button.

Leave room for human error.

Somebody is always going to open the phishing email promising adorable kitten pictures. So consider hedging your bets with anti-phishing technology like remote browsers, in which URLs open not in a traditional browser, but in a special environment in the cloud that disappears as soon as you’re done with it. That way, no matter what the URL contains, it can’t compromise the employee.

Conduct ongoing security testing.

Attackers use malicious files and compromised business email accounts to install ransomware on company computers and networks, but software vulnerabilities are another way in. Your company’s IT team — or a third party — should be actively looking for threats on your network.

Carriers building superfast 5G networks must install tons of small cell sites — about the size of pizza boxes — to light poles, walls or towers, often in relatively small proximity to one another. For that reason, superfast networks are mostly being deployed city by city. Eventually, most US carriers will have a mix of the different network types that will enable both broad coverage and fast speeds.

Just how fast will download speeds be?

Just how fast will download speeds be?

The fastest 5G networks are expected to be at least 10 times faster than 4G LTE, according to wireless industry trade group GSMA. Some experts say they could eventually be 100 times faster. That’s fast enough to download a two hour movie in fewer than 10 seconds, versus around 7 minutes with 4G. Actual download speeds will depend on a number of factors, including location and network traffic.

How can you use it?

In order to connect to and get the benefits of a 5G network, consumers have to have 5G-enabled devices. Samsung, Motorola, Huawei, LG, OnePlus and several other device makers have released 5G phones. Apple is widely expected to release a 5G iPhone later in fall 2020. Some companies — including manufacturers and the NFL — are also working with carriers to install personal 5G networks so they can reap the benefits without waiting for the nationwide rollout.

Are there drawbacks?

Significant adoption of 5G is going to take years — industry trade group GSMA estimates that by 2025, around half of mobile connections will be 5G (the rest will be older tech, like 4G and 3G). There are also concerns among regulators and others about the security of 5G, especially since crucial technologies such as self-driving cars and healthcare systems will be built on top of the network.