Is your business Cyber Aware?

Taken from the June 2017 issue of the Island Business magazine.

Cybercrime is one of the biggest threats to any business. Did you know one in four businesses reported a cyber-breach or attack in the past 12 months? We all use computers, but many businesses do not see cyber security as a priority.

The impact of a cyber-attack can be huge. You could lose time fixing your systems, lose customers, suffer damage to your reputation, and face the consequences of a hacker getting their hands on your data.

Attacks like last month’s global “WannaCrypt” ransomware incident have exploded in the past few years and can make for a tough learning curve. Ransomware is a type of malicious software that encrypts your files so that you cannot use them, then demands that you pay money (a “ransom”) to regain access to them. There is no guarantee that paying the ransom will give you access to your files, and doing so just encourages the criminals.

How did it happen?

Over a period of just 7 days, WannaCrypt infected over 230,000 machines. It exploited a vulnerability in Microsoft Windows that affected all versions other than Windows 10. Microsoft released a patch for all supported versions of Windows back in March to address the issue, so businesses with updates set to install automatically would have been reasonably well protected against attacks.

Those still running unsupported operating systems such as Windows XP and Windows Server 2003 were initially at particularly high risk. The day after the outbreak Microsoft took the unusual step of releasing patches for these operating systems too.

The media has focussed on large organisations that still use Windows XP such as the NHS, where the ransomware ran rife and created huge problems. However, researchers say that 98% of infected machines were running Windows 7, the most common version of Windows.

This highlights the importance of keeping software up to date, although for the NHS it is not easy. One Microsoft employee tweeted:

The release of the patch probably isn’t going to help that £15m MRI machine that runs Windows XP whose maker went bankrupt 10 years ago. It’s not a matter of £100 for a license, it’s £15 million for a new machine and you need to rip the building open to install it.

Barry Dorrans, Microsoft

Attacks like these evolve over time, so you should take the opportunity to make sure your IT is secure. The good news is that, for most businesses, it is inexpensive to be cyber aware. Here are my top recommendations.

Recommendations

  1. Check Backups – Ensure you have a robust backup and recovery strategy. If you are hit by ransomware, backups are essential to restoring your files. Check regularly that your backups are working, and ensure you have a copy of all your files stored securely off-site. Don’t assume that cloud backups are immune to ransomware: many services sync files with those on your hard drive and could well overwrite unencrypted files with the newer encrypted ones.
  2. Install Updates – Whether you use Windows or a Mac, ensure your operating system is a currently supported version, and that updates are installed as soon as they are available. Without updates, your machine is left exposed and vulnerable.
  3. Antivirus – Install a good antivirus product on every machine. Make sure virus definitions are set to update at least once a day so that you are protected against the latest threats.
  4. Training – Train staff to be vigilant and not open links or documents from untrusted or unknown sources. Ransomware usually relies on human vulnerabilities, rather than weaknesses in security software. If you are ever unsure, don’t click it!

Remember: You cannot be held to ransom if your data is securely backed up!

Useful Links

https://www.cyberaware.gov.uk
https://www.getsafeonline.org/business/