The term “ransomware” has become all too common in today’s cyber security discussion. For those who have heard the term, but unfamiliar with what it is, here’s a brief definition:
Our friends at ZDNet describe ransomware as a form of malicious software–or malware–which encrypts documents on a PC or even across a network. Victims can often only regain access to their encrypted files and PCs by paying a ransom to the criminals behind the ransomware.
The “bad guys,” or “malicious actors” as we call them in the cyber security biz, are threatening to hijack more than just proprietary data from businesses, nonprofits and/or government entities. More than ever, the “actors” are tapping into your ethos and pathos by threatening to adversely affecting your company’s reputation.
Two recent news items underscore the point:
- Extortion Scam Threatens Website Owners With Reputational Damage
- Send Bitcoin or your company’s reputation is TOAST!
But what can these actors actually do to hurt your reputation? Some claim they can send offensive messages to your beloved staff or valuable customers. Other claims include circulating spam on your company’s behalf, spread lies on commonly visited social media platforms and falsify information about your sales practices. Once this erroneous news is out there–regardless of how false the information is about the company–it’s hard to reverse. Like attempting to put toothpaste back into a tube. Your staff and customers are understanding and forgiving, but the impact still lingers.
From a reputation management perspective, ReputationUs Cyber Support recommends a few initial steps:
- Awareness. Many times these actors come through phishing attacks. Your IT team can typically stave off extortion scams by conducting regular internal awareness campaigns and establishing strict policies, while implementing email security solutions.
- Identify vulnerabilities. Overall, where is your company most reputationally (yes, new word!) vulnerable? What are some Achilles Heels that your company has recently experienced via your staff, prospective employees, customers, future customers, media, or social review sites?
- Training. Your company can also perform regular phishing tests to evaluate how well the awareness strategy is working. Better to fail during practice than in a real game, right?
As we say here at RepUs, protect the reputation that precedes you, BEFORE a crisis (or ransomware) DEFINES you.