Malware – Preventing an Attack, Part 2
This is the second part in a series. See part 1 here.
Frontline staff who receive emails and email attachments can provide an effective frontline defense against malware attacks. The upside is that with effective training and ongoing awareness reminders about how to thwart an email-based malware attack, an organization can put itself in a much stronger position to avoid falling victim to malware. The downside is that it may only take one person to make the mistake of clicking on a link or opening an email attachment from a well-disguised or crafted email to enable a malware attack. However, in my opinion, this possibility should not dissuade organizations from taking the following steps to help avoid the consequences of a malware attack.
What to Expect and What to Do
I find that people tend to do very well if they are given a chance to become familiar with a situation and what to do when such a situation occurs. The same holds true, in my opinion, with respect to training staff on what an email-based malware attack may look like and what steps they are to take. For example, as we are focusing on email-based malware attacks, staff may benefit from seeing examples of well-disguised emails that appear legitimate but are actually fake emails designed to catch people off guard, which might then result in their clicking on a link or opening an attachment that launches a malware attack. Sending “fake” emails to see if the staff responds in accordance with their training is also a good way to keep them aware of possible malware attacks as well as to help them build confidence in how to respond accordingly.
Another effective way to help promote the staff’s continued engagement in avoiding malware attacks is to periodically send out a communication on what the staff has done to prevent malware attacks. For example, if the organization’s process is for staff to forward suspicious emails to a designated address or some other action that is trackable, let the staff know as a whole how they are doing. This way people develop a sense of ownership and responsibility both individually and as a group on how they are successfully preventing malware attacks.
Despite the best-laid plans, chances are that the organization will experience a successful malware attack and will need to deal with the effects of the type of malware involved. The next blog explores how to prepare to respond to a malware attack that may get through even the best-trained staff.