Are your employees paying ransom on your cyber attack?
A staggering 59% of office workers have paid ransom on their company’s ransom attack at work. A recent study, by Intermedia, a cloud provider, surveyed 1,000 office workers. The office workers stated that 37% of the time the employer paid the ransom, but more frequently, the employee paid. Sadly, in 19% of the time, the data was not returned after the ransom was paid.
Ransomware is big, big business. It is projected to cost companies over $5 billion globally. There is no indication ransom attacks will decrease in 2018.
Of the millennials in the survey, 73% said they personally paid the ransom. The study also found that 78% of the men knew what ransomware is, but only 60% of the women that responded said they were familiar with it. Most of the workers surveyed said their company discussed cyber threats, but 30% said they are not aware of ransomware.
Reasons why the employee paid may be due to concern about getting the employee’s own data back or embarrassment because the employee is not following the company’s data back-up plan. Or the employee is embarrassed that they became a victim. If the employee was accessing personal email and opened a link or attachment, the employee may be afraid of being fired. Many companies state using company computers for personal use is not allowed and the employee may be terminated.
What you can do
Business owners should educate staff on what they need to do if they do receive a ransom demand at work. Now that more employees know about potential threats, cyber training should be expanded to response awareness.
Additionally, business owners should review their human resources policies to ensure events that could result in termination are in alignment with the risk and related damage the company might incur. While you don’t want employees opening malicious documents at work, it is even worse if they don’t tell you they received a ransom demand. If you don’t know about a demand, your business can’t respond effectively, causing your business to be more vulnerable even if the ransom is paid.
About the Author - Carolyn Schrader is a seasoned cybersecurity professional and founder of the Cyber Security Group Inc., providing corporate cybersecurity services to high profile clients.