Cyber Security Training & Software for Companies | MetaCompliance


Discover our suite of personalised Security Awareness Training solutions, designed to empower and educate your team against modern cyber threats. From policy management to phishing simulations, our platform equips your workforce with the knowledge and skills needed to safeguard your organisation.

Cyber Security eLearning

Cyber Security eLearning to Explore our Award-Winning eLearning Library, Tailored for Every Department

Security Awareness Automation

Schedule Your Annual Awareness Campaign In A Few Clicks

Phishing Simulation

Stop Phishing Attacks In Their Tracks With Award-Winning Phishing Software

Policy Management

Centralise Your Policies In One Place And Effortlessly Manage Policy Lifecycles

Privacy Management

Control, Monitor, and Manage Compliance with Ease

Incident Management

Take Control Of Internal Incidents And Remediate What Matters



Explore the versatility of our solutions across diverse industries. From the dynamic tech sector to healthcare, delve into how our solutions are making waves across multiple sectors. 

Financial Services

Creating A First Line Of Defence For Financial Service Organisations


A Go-To Security Awareness Solution For Governments


A Security Awareness Training Solution For Large Enterprises

Remote Workers

Embed A Culture Of Security Awareness - Even At Home

Education Sector

Engaging Security Awareness Training For The Education Sector

Healthcare Workers

See Our Tailored Security Awareness For Healthcare Workers

Tech Industry

Transforming Security Awareness Training In The Tech Industry

NIS2 Compliance

Support Your Nis2 Compliance Requirements With Cyber Security Awareness Initiatives



From posters and policies to ultimate guides and case studies, our free awareness assets can be used to help improve cyber security awareness within your organisation.

Cyber Security Awareness For Dummies

An Indispensable Resource For Creating A Culture Of Cyber Awareness

Dummies Guide To Cyber Security Elearning

The Ultimate Guide To Implementing Effective Cyber Security Elearning

Ultimate Guide To Phishing

Educate Employees About How To Detect And Prevent Phishing Attacks

Free Awareness Posters

Download These Complimentary Posters To Enhance Employee Vigilance

Anti Phishing Policy

Create A Security-Conscious Culture And Promote Awareness Of Cyber Security Threats

Case Studies

Hear How We’re Helping Our Customers Drive Positive Behaviour In Their Organisations

A-Z Cyber Security Terminology

A Glossary Of Must-Know Cyber Security Terms

Cyber Security Behavioural Maturity Model

Audit Your Awareness Training And Benchmark Your Organisation Against Best Practice

Free Stuff

Download Our Free Awareness Assets To Improve Cyber Security Awareness In Your Organisation

MetaCompliance | Cyber Security Training & Software for Employees


With 18+ years of experience in the Cyber Security and Compliance market, MetaCompliance provides an innovative solution for staff information security awareness and incident management automation. The MetaCompliance platform was created to meet customer needs for a single, comprehensive solution to manage the people risks surrounding Cyber Security, Data Protection and Compliance.

Why Choose Us

Learn Why Metacompliance Is The Trusted Partner For Security Awareness Training

Employee Engagement Specialists

We Make It Easier To Engage Employees And Create a Culture of Cyber Awareness

Security Awareness Automation

Easily Automate Security Awareness Training, Phishing And Policies In Minutes


Meet the MetaCompliance Leadership Team


Stay informed about cyber awareness training topics and mitigate risk in your organisation.

7 Ways Employees Can Reduce The Risk of Ransomware Attacks

Risk of Ransomware Attacks

about the author

Share this post

The risk of ransomware attacks has never been higher as cybercriminals have evolved their attacks and malware to be more difficult than ever to detect and prevent. The latest Sophos report “The State of Ransomware 2021” sums it up with around half of respondents believing that: “…ransomware attacks are getting increasingly hard to stop due to their sophistication.”

Technology intervention is helping somewhat in preventing ransomware attacks, but it is not enough. The Sophos report highlights the fact that ransomware attackers are using a mix of off-the-shelf ‘spray and pay’ and individual targeting. It is this targeting of individuals that adds a layer of difficulty in using technology to prevent attacks.

Because of the focus on the human, individual employees play a crucial role in defending an organisation from cyber attacks of all kinds, including ransomware. Here are our top seven suggestions for empowering employees with the know-how needed to reduce the risk of a ransomware attack.

How Employees Can Help Thwart The Risk of Ransomware Attacks

Ransomware attacks come in many forms, but a regular target of a hacker is an individual. Our employees are a doorway into the organisation if a cybercriminal knows how to open that door. The key to that door is often social engineering and phishing which starts the process of access to protected areas of a network. By empowering our employees with an understanding of how ransomware attacks begin, an organisation can reduce the likelihood of ending up a victim of malware. Here are seven top ways for employees to reduce the risk of a ransomware attack:

Train Employees to Spot the Tell-Tale Signs of Phishing

Phishing is a facilitator of ransomware attacks. Phishing and the results of phishing and spear-phishing, such as stolen login credentials, form the starting point of many ransomware attacks. Once an attacker has access rights, they can use those credentials to send internal emails (containing malware or links to malware infected websites) and/or login to enterprise systems using the Remote Desktop Protocol (RDP). A recent Windows vulnerability demonstrates how easy it is to escalate privileges using stolen login credentials. The vulnerability, known as PrintNightmare, facilitates the use of non-privileged login credentials to escalate the privileges of the user to allow install of malware across a network.

The act of empowering employees with knowledge of how phishing emails and spoof websites work can help stop a ransomware infection at the starting point of an attack. One tool that is used to help to train employees spot a phishing attempt is to use phishing simulations. This is a tool that can be tailored to your specific corporate needs to teach employees how to identify a phishing threat and reduce the risk of ransomware threats.

Report Any Suspicious Emails Immediately

If an incident does happen, for example, an employee clicks a phishing link and enters credentials into a spoof site, timely action is of the essence. A company has a short window of opportunity to mitigate the threat and stop an incident from becoming a ransomware infection. A report by Agari found that once credentials are stolen two-thirds of email accounts will be compromised the same day.

Incident reporting should be part of your organisation’s culture. But incident reporting needs to be encouraged and made simple by using a workflow-based reporting system that is designed to take the incident information quickly and simply before sending the data to the most appropriate person to deal with to help minimise the risk of ransomware attacks.

Don’t Overshare Personal Information

Phishing messages are often tailored to specific employees to make them more effective. Attackers may use social engineering tricks to obtain personal information to create these personalised spear-phishing messages. Teach your staff not to give out personal data unless necessary. This includes posting information on social media platforms, which are trawled for the data of employees of targeted companies.

Don’t Open Suspicious Attachments in Emails

Employees must not open attachments unless they are sure they have come from a legitimate source. Phishing emails can also be used to deliver ransomware directly using malicious attachments. One example of ransomware delivery via email attachments is invoice scams. The email looks like it has come from a colleague or a business associate, and it contains what looks like an invoice, typically as a PDF or Word document or sometimes a zip file. If an employee clicks to open the attachment, this action initiates a malware download via a link in the attachment file. The malware will exploit any vulnerabilities (known or unknown) to execute the code, infect the machine and display a ransom demand.

Only Use Verified and Known Sources for File Downloads

Employees should never download files or media from unvetted sites. The tactic known as a drive-by-download is used by cybercriminals to download malicious software without the knowledge or consent of the user. Drive-by-download attacks use scanners to look for vulnerabilities in browsers and other device software that is then exploited to install ransomware. Whilst your security team can put in measures such as keeping software patches up to date, employees should be trained to work with security policies that recognise the online dangers of drive-by-downloads to prevent the risk of ransomware attacks.

Use a VPN When Using Public Wi-Fi

If an employee works remotely, they need to be aware of the dangers of using unsecured public Wi-Fi hotspots. If a private and secure Wi-Fi is not available, users should switch on a Virtual Private Network (VPN), or better still, always have a VPN running. A VPN creates an encrypted tunnel between the user’s browser and the internet. The VPN prevents any ‘Man-in-the-Middle’ attacks whereby a malicious outsider steals data, such as login credentials or personal information, or even potentially, injects malicious code such as ransomware.

Don’t Reuse Passwords

Stolen passwords are available for sale on the dark web and are behind 81% of hacking-related data breaches according to Verizon. These ‘passwords for sale’ are from previously phished credentials and hacked databases. The cybercriminals who buy these lists then use automation tools to hack into existing accounts. Even hashed passwords from database breaches can be broken. Forced reset of passwords also doesn’t work as many employees simply add an extra number or letter to the end of a previously used password. Corporate password policies need to be enforced through a culture of understanding that security is important to everyone.

Build a Ransomware Force Field with Your Employees

A ransomware attack can have severe consequences for organisations, as it can encrypt the victim’s files, making them inaccessible, and demand a ransom payment in exchange for the decryption key. If the ransom is not paid, the attacker may threaten to delete or leak the encrypted files, causing significant damage. Ransomware is big business and cybercriminals behind the attacks are serious about it. In a recent exposé, a new ransomware gang, BlackMatter was found to be offering $100,000 for exclusive access to an organisation’s network to deploy ransomware and exfiltrate data.

However, the prevention of ransomware is not a simple fix; your staff can be an effective front-line defence against attacks. By including your employees in a 360-degree approach to prevent the risk of ransomware attacks, an organisation can hope to stave off an attack.

Risk of ransomware

Other Articles on Cyber Security Awareness Training You Might Find Interesting