Many employees think that to infect a network with ransomware, a type of malware that holds private files hostage through encryption only to be released once a ransom is paid, they must first download a program. However, this is not always the case. While that is one of the more common vectors for ransomware attacks on a network, there are several other, more passive, ways a network can become infected, some with very little effort on the part of the employee. The first is social engineering on social networks. More and more accounts are being compromised these days by hackers who infect a user with a weak password, and then begin tagging their friends with links to clickbait articles. Once the link is clicked, the ransomware can spread through the local network. Another attack employees should be made aware of is called spearphishing: when hackers use personal information to make an email look as if it is coming from someone an employee knows. Consequently, the employee is far more likely to trust the contents of the email. As always, one of the best ways to combat these attacks is through education and training.