In Focus: How to Protect Your Employees and Business Against Ransomware

Aliah D. Wright By Aliah D. Wright May 15, 2017
In Focus: How to Protect Your Employees and Business Against Ransomware

​A cyberattack that crippled more than 200,000 hospitals, offices, schools and other organizations in more than 150 countries worldwide this weekend hasn't been as widespread Monday in the U.S. as experts feared.

But it ripped through the rest of the world.

Known as WannaCrypt or WannaCry, the ransomware is believed to have been developed and then stolen from National Security Agency.

"The initial attack, known as 'WannaCry,' paralyzed computers that ran Britain's hospital network, Germany's national railway and scores of other companies and government agencies around the world" including entities in Russia, The Associated Press reported. (The Associated Press)

Security awareness training firm KnowBe4 cautioned companies to heed new alerts from Microsoft and the FBI, and offered these tips for companies on prevention and mitigation (SHRM Online):

  • Keep all software applications up to date and patched.
  • Use strong passwords.
  • Prevent workers from using macros, which automate frequently performed tasks, in Microsoft Office programs.
  • Implement strong backup and recovery policies.

Ransomware Attacks On The Rise

Ransomware attacks have risen steadily within the last year. Security experts say this weekend's attack is the worst, caused by the most widespread malware they've ever seen. A 22-year-old IT researcher in the U.K. slowed the spread of the virus Saturday, though more reports surfaced Monday of newly infected computers. (CNN Money)

HR professionals have seen ransomware attacks like this before, in which computers are infected with a virus and data held hostage until a ransom is paid. (SHRM Online)

Hackers demanded $300 in ransom from banks, government agencies, hospitals, factories, and transportation systems in dozens of places, including Brazil, China, India, Japan, Russia, Ukraine and Spain. The longer the ransom is not paid, the more the ransom increases. Security analysts feared the ransomware attack could spread as employees turned on their computers Monday and tried to work on infected devices and machines. Governments and officials worldwide raced to contain the fallout from the cyberattack over fears their failure would cause companies to lose their data unless they paid the ransom. (CNN)

Hospitals were hit, too. One doctor told Sky News that hackers had "stopped access to everything, including patients' medical records" and warned: "'It could be potentially life-threatening.'"

Some hospitals stopped sending ambulances, canceled surgeries and shut their computer systems down to prevent spreading the virus and endangering more data. (Sky News)

[SHRM members-only HR Q&A: 
How to Safeguard Employee Information]

HR and Hospitals: Goldmine for Hackers

HR professionals should prepare for more ransomware demands as they are often the first line of defense against cybercrime and the keepers of the most sensitive employee data: social security numbers, dates of birth and other personal details. Backing up files, encrypting data and patching software is of paramount importance. (SHRM Online)

In fact, the National Health Service, England's publicly funded healthcare system, was reportedly given a patch that would have prevented the hospital system from being hacked. But it was never used. (The Mirror)

Hospitals are especially attractive to hackers because they, too, contain a treasure trove of personal data that can then be exploited or sold on the black market online.

Trend Micro, a Los Angeles-based global security software company, reports that "more than 26 percent of all data breaches occur in health care, making it the No. 1 targeted industry in the U.S."

And although experts advise backing up files, hackers are targeting those backup files, too.


Was this article useful? SHRM offers thousands of tools, templates and other exclusive member benefits, including compliance updates, sample policies, HR expert advice, education discounts, a growing online member community and much more. Join/Renew Now and let SHRM help you work smarter.


Hire the best HR talent or advance your own career.

Mandating (or Not) the COVID-19 Vaccine

It's time for employers to consider whether they will require employees to get the COVID vaccine.

It's time for employers to consider whether they will require employees to get the COVID vaccine.



HR Daily Newsletter

News, trends and analysis, as well as breaking news alerts, to help HR professionals do their jobs better each business day.