Companies and individuals around the world are experiencing increased cyber attacks. The rapid shift to working from home and the growth of the remote workforce has created new security vulnerabilities and more opportunities for cyber criminals. Real estate companies have been a popular target for several years.
Ransomware is one form of malicious software (a.k.a. malware) that infects a computer and encrypts files on it, rendering those files unusable. It then displays a message from criminals demanding a ransom in exchange for a promise to decrypt the encrypted files. While ransomware has primarily targeted PCs in the past, there is no reason why it cannot similarly affect mobile devices such as tablets and phones. So these tips and advice apply equally to company computers as your personal mobile phones.
There are things you can do to reduce the chance of a ransomware attack, or once attacked, to reduce its impact:
- Do not use email to send sensitive documents or information. Standard email is unsecure like a postcard – anyone with the right access can read what you are sending or receiving.
- Advise residents and potential applicants not to send unencrypted, sensitive documents or information to you via email.
- Rental information and applications, other important documents, and pictures should not be stored in email; instead use a secure cloud storage service such as ResMan, or Google Drive as appropriate, either of which can be used anywhere you have internet access.
- Do not store any important or sensitive files on the hard drive of any company computer. Any important documents should be scanned and uploaded to an appropriate section in ResMan.
- Do not use your work email account for personal communications; or your personal email account for company communications. Not only is this a violation of the company security policies that you agreed to when you were hired, but in the even of a security breach you do not want your personal information or communications stored on your employer’s computer systems.
- Use a password manager such as 1Password, Dashlane, or LastPass to manage your passwords. Do not write passwords on sticky notes and leave on your monitor or around the desk.
- Use strong and unpredictable passwords for all accounts. Do not use birthdates, family or pet names or other words associated with you, or the word “password” or any variation thereof. Using a phrase in combination with uppercase and lowercase letters, numbers, and symbols makes a password harder to crack. Use unique passwords so a breach of one account does not put the others at risk.
- Do not share your password with anyone else.
- Never click on a link in an email or on a website without first evaluating its legitimacy.
- If you click on a link and realize something is unexpectedly downloading, immediately turn off your computer. If you were connected to the company network, notify the IT department immediately.
- Ensure your computers, tablets, and phones are updated with the latest version of their operating system.
- Consistently apply updates and patches for other installed software, such as Microsoft or Adobe products.
- Leave company computers on at night as they are scheduled to download critical updates in the middle of the night.
- Do not disable antivirus, anti-spyware, and anti-malware security software.
- Check your device’s settings periodically to make sure they are correct and have not been changed.
Remember: Always think before you click!
Questions? Speak with your supervisor.