WannaCry has infiltrated the NHS IT network, banks and transport systems, reportedly affecting over 200,000 people in well over 100 countries across the world. We offer some general advice to protect against this type of threat.
The scale of WannaCry and the institutions it has affected has brought cyber security to the forefront of the public consciousness once more. And while it isn't possible to completely protect your computer systems against the threat of infiltration - hackers are constantly evolving their methods and launching new threats - it is possible to minimise your risks by following some simple advice.
- Update your operating system. Ironically, this is where many bigger corporations can fall down, as they have many more computers to update, with associated costs in doing so. However, smaller companies can be more agile in doing this, with fewer computers to update.
Earlier versions of Microsoft Windows (such as Windows XP and Vista) are no longer supported by security updates from Microsoft. Vista support only ended last month, so you may not be aware of this. Smaller businesses with fewer systems to update may find the cost of upgrading to a newer operating system (such as Windows 10) is worthwhile (and easier to implement) compared to the potential threats and losses that may occur with legacy operating systems.
- Update your operating system. Ironically, this is where many bigger corporations can fall down, as they have many more computers to update, with associated costs in doing so. However, smaller companies can be more agile in doing this, with fewer computers to update.
- Install security updates. When offered important security updates and operating system updates, don't delay - install them as soon as is practicably reasonable. However, make sure they are genuine updates from Microsoft, Apple or Google, for example, and not fake security software programs advising of threats on your computer. The easiest way to install updates is to turn them on automatically within your operating system, and restart your computer when prompted to do so.
- Install good quality antivirus software. There are many commercial antivirus options to help protect your computers from the threat of viruses and malware. Software from reputable providers such as Kaspersky, McAfee, Norton, AVG, Avast and Avira - amongst others - can help to protect against the latest cyber threats. However, as is the case with your operating system, make sure you update your antivirus software whenever it is needed - including restarting your computers when prompted.
- Use spam and malware filters on your email. If you use Outlook or a similar email system, ensure that you protect against the threat of viruses and malware spreading via incoming and outgoing messages. Some commercially available antivirus software will include this protection, to help filter out email messages that are known to contain malicious code. It may be worth paying more for antivirus software that also contains other features, such as a software firewall or email filtering, depending on your needs.
- Exercise caution when opening email attachments. Even if you recognise the sender name on an email, check their email address - do you recognise it, or is it slightly different to the one they normally use? Is there a good reason why they have sent an attachment? If you are unsure, do not open the attachment. You could save it to your computer, then scan it with your antivirus software, to make sure it is not a virus before viewing it.
- Be careful with links from emails. Do not follow links in email to websites if they look suspicious in any way. There have been notable scams with emails pretending to be from banks, linking users to a fake website (or phishing site) to update or confirm their security details, for example.
- Exercise caution online. Many viruses and malware are spread through malicious code in websites, so if a pop-up appears suspicious, close it immediately and do not act upon it. There are also short links sent via email - again, often purporting to be from somebody you might know - that link to this type of site. Code in these sites can start to record your online activity, for example - often covertly. Be careful - go directly to the site you are interested in (e.g. www.barclays.co.uk) rather than following a link in an email.
- Back up your important data frequently. Ransomware threats work because computer users are worried about losing important information when it is encrypted by the malware. If that important information is regularly backed up, it can be more easily restored by reverting back to a previous restore point, rather than paying hackers (who may be involved in wider criminal activity).
Too often, small to medium sized organisations are unaware of the consequences of a cyber attack and don't believe it can happen to them. As is the case with all modes of security, it is better to try and prevent an attack than to react to it after the event.
These are just some of the ways that you can help to protect your organisation against cybercrime. If you wish to test your own cyber security defences, you can use Bollington's cyber risk exposure scorecard, which runs through a check of your operations and shows where you score well or where you can bolster your defences against cybercrime.
Bollington is also on-hand to provide cyber insurance to help protect you should the worst happen to your business. Please call us on 0161 929 1851 to discuss how we can help your organisation, or get in touch with your account manager for more information.