In what is being called the biggest ransomware attack ever, over 200,000 computers around the world have had their data encrypted in the past week by the WannaCry cyber attack. The attack hit over 150 countries and affected organisations such as the NHS, putting lives in danger.
This is not the first cyber attack and won’t be the last – and only serves to highlight what a major issue cyber security is for businesses and individuals.
With cyber-crime becoming such a common and widespread problem, it is becoming crucial that companies of all sizes are educated on cyber security to avoid being left vulnerable to attacks.
WannaCry exploits a vulnerability in Microsoft software. Microsoft released a patch to fix it in March; however, many users fail to install updates and patches on their computers, meaning vulnerabilities can remain open a lot longer and are easier to exploit.
Cyber security threats can affect all sizes of company. It is critical that staff are educated on the implications of cyber security as a business risk.
What is Ransomware?
There are two main types of ransomware: lock screen ransomware, where screens are locked to bar access, and encryption ransomware, where files are altered and cannot be opened until an encryption key is applied. Either way, a ransom, usually payable in Bitcoins, is demanded, and affected organisations must pay it or lose critical data.
As cyber criminals become ever more sophisticated, businesses can be infected by ransomware via a number of routes, but typically through email, through accessing malicious websites or through flaws in installed software (where patches have not been applied).
Top tips to protect your business
The recent attack was a warning of the dangers that cyber-crime presents. Most businesses will have in place some of the measures IT professionals believe are essential for protecting businesses from cyber crime:
1. Install anti-virus, web filtering and firewalls
2. Keep software updates and patches applied
3. Backup your files and data
4. Keep your employees trained – Be careful what you click on! It’s essential to keep reminding employees of these potential ransomware threats. (The malware of this attack was distributed by phishing emails.)
Cyber crime originating through email is common, with malicious emails often sent as mass random communications. Therefore, it’s worth ensuring employees receive regular training to remind them of potential hazards. Emails incorporating malicious links still create issues for many businesses. Some tell-tale signs to look for include:
• You should only click on emails that you are sure came from a trusted source
• Emails claiming to be from well known, reputable organisations. These may have email ‘from’ addresses that differ very slightly from the official address, e.g. a 0 replacing an O
• Emails may have been sent by one of your contacts, whose own accounts have been hacked. These can often be identified as they contain a short, often nonsensical, message and a (malicious) link
• Social media networks or instant messaging may also contain links to malware
• Increasingly, malware is distributed via every-day type documents that invite users to enable macros. A robust policy regulating download privileges, defining rights per employee, can extend protection across the business
5. Formalise security policies
6. Instigate a robust password policy
8. Turn off computers immediately if suspicious activity is detected
Aside from financial losses, the reputation of an organisation can be greatly damaged.
We are advising businesses to obtain a cyber liability insurance quotation. Please contact PK Partnership on 020 8681 4994.