Recognizing and Managing the Threat of Malware, Part 1
“Click here.” Not long ago, people put their cursor over such a phrase in an email or on a website with little to no concern that clicking the hypertext could lead to an adverse outcome. Those days are long gone, and we are in much more challenging times. It seems one can’t go a day without reading about an organization dealing with malware that was introduced by someone clicking a hypertext link. It is therefore important that people consider the current environment and act accordingly.
Malware Attacks Are Rising
Though there may be some debate about the rate of increase of malware attacks over the past year, most if not all studies agree that malware attacks are on the rise. Consequently, malware attacks present a significant risk of compromising the security of an organization’s information system. Security in this context refers to the confidentiality, integrity, and availability of data. Individuals who launch malware attacks are also making use of a category of malware referred to as ransomware. Briefly, ransomware encrypts an organization’s files, and the organization is asked to pay a ransom to get the keys needed to decrypt the affected data. In the early days of ransomware, people would often suggest that a ransom should never be paid. This position has since evolved. Whether or not to pay a ransom is now more of a case-specific, business-related decision, and some organizations do pay the ransom.
What to Do Next?
As for next steps, I will be offering two follow-up blog posts on the threat of malware. The first will focus on efforts related to administrative safeguards. Because administrative safeguards rely in part on the choices made by individuals, they may be the weakest of the three types of safeguards (administrative, technical, physical). However, given the likelihood that individuals will be involved on some level as targets of a malware attack, it is critical that they understand what they are expected to do.
The second post will focus on a topic that is often overlooked and seldom discussed, because so much attention goes to staff training as part of the administrative safeguards. That post will cover what to do after a successful malware attack. This is a critical area, because organizations often overlook that it takes only one individual falling victim to a malware attack to potentially affect the entire organization.