Cybersecurity Awareness Month Week 4 2025 - Ransomware & Supply Chain Attacks

What if one infected file could freeze your entire world? That’s the reality of today’s cyber threats. Ransomware can lock your files and demand payment to unlock them, while supply chain attacks sneak in through the vendors and software you already trust. You don’t have to be “technical” to understand or reduce these risks; just a few smart habits go a long way.

 

Ransomware

Ransomware is malicious software that encrypts (locks) your files so you can’t open them. Attackers then demand money for the decryption key. How does it get in? Often, through phishing emails (“click this urgent invoice”), fake attachments, malicious links, or outdated apps and browsers with known weaknesses. Sometimes it hides in a cracked download or a too-good-to-be-true free tool. Think of it like someone changing all the locks on your house and charging you for the keys.

 

Supply chain attacks

A supply chain attack targets the trusted links you depend on (your software updates, IT providers, or cloud services) to reach many victims at once. Instead of breaking into each computer individually, attackers compromise the source so their code rides along with a legitimate update. Imagine poisoning the water at the reservoir rather than each glass at your kitchen sink. Because these attacks arrive from “trusted” channels, people accept them without question, which is exactly what attackers count on.

 

Why this matters to everyone

The impact isn’t just technical; it’s personal and societal.

  • Individuals: You could lose access to schoolwork, photos, or financial documents. Data may be leaked publicly if you don’t pay.
  • Organizations: Hospitals, schools, and local governments have experienced days of shutdown, canceled services, and huge recovery costs.
  • Wider systems: When a supplier or software platform is compromised, many organizations downstream can be affected at once, creating delays, outages, and reputational damage.

 

Everyday defenses that really work

You can’t control every risk, but you can shrink your attack surface and recover faster if something goes wrong.

  1. Pause before you click. If a message feels urgent or unusual, verify it through a known, separate channel.
  2. Back up your files, offline and in the cloud. Keep at least one backup that isn’t constantly connected to your device. Test that you can actually restore.
  3. Use Multi-Factor Authentication (MFA). MFA stops many account takeovers even if a password leaks. Never share one-time passcodes (OTPs).
  4. Update apps and systems. Turn on automatic updates for your OS, browser, and critical software. Patches close the doors that ransomware uses.
  5. Install from official sources only. Avoid “free” or pirated software. Verify the publisher and check the site URL before downloading updates.
  6. Use reputable security tools. Keep your antivirus/EDR on and let it scan automatically.
  7. Limit your digital footprint. The less information scammers have about you, the harder it is for them to craft convincing lures.
  8. Report fast. If something seems off—strange pop-ups, locked files, or a suspicious update—contact your IT or help desk immediately. Quick reporting helps protect everyone.

 

A quick storyline to remember

  • Ransomware: “Lock the files, demand a payment.” Delivered by a bad link, attachment, or outdated software.
  • Supply chain attack: “Compromise the source.” Malicious code delivered inside a trusted update or through a trusted vendor.

 

For more information, refer to the following resources:

 

The bottom line

You don’t need to be a cybersecurity expert to make a difference. Awareness is your first shield—and small habits like backing up, updating, verifying, and using MFA can turn a crisis into a minor detour. The more we know, the stronger we all become.

Details

Article ID: 11632
Created: Mon 10/27/25 3:19 PM
Modified: Mon 10/27/25 3:27 PM