On Friday last, the 12th of May 2017, there was an unprecedented cyber-attack on IT systems throughout the world. There was (and still is) huge media coverage of these attacks and the impact they have had on businesses and public services. The health service in the UK was one that appeared to be targeted which prompted the Irish Health Service Executive (HSE) CIO to take the steps to remove all external access to the HSE’s Network to protect the integrity of their IT systems.
Cybersecurity experts have now said that the spread of the virus (dubbed WannaCry – “ransomware”) had slowed. But at the same time have stated that the respite might only be brief. They expect a “fresh wave” of attacks to come. Ransomware basically refers to malicious software that encrypts the data on the PC’s/Network devices and looks for a ransom to be paid by the affected business/individual to the attacker.
So – how can small businesses protect themselves against cyberattack?
If you’re a small business owner, you need to take your cyber security seriously. You can no longer assume that your company isn’t a target just because you’re not a big business. Everyone with a computer connected to the internet is a potential target. And businesses need the data that is stored on the PC’s on their network, so are likely to pay to have it back.
Here are some immediate things that you can (and should) do to help reduce the risk of attack.
- Run security updates on your computer. This is called “patching” your computer. Developers of Operating Systems (Microsoft Windows in this case) regularly release updates to their software. This “patch” is a piece of software designed to update computer software to fix or improve it and regularly includes fixing security vulnerabilities.
- Ensure that you have Anti-Virus software on your computers and that it is up-to-date. While the Anti-Virus software companies are often reacting to such attacks after they occur, they do usually get on top of the problem quickly and release updates to protect your system.
- Educate your staff. Encourage staff to be vigilant and cautious about opening emails that they receive. Healthy scepticism is to be encouraged and tell staff not to open any suspicious emails.
- Update your legacy devices. It’s important to note many of the infiltrations that occurred on Friday and over the weekend happened on Windows XP machines. Microsoft pulled support (and security updates) for this software in 2014. Following this attack, Microsoft took the unprecedented step of creating a patch for this older software. But the advice here is to remove any non-supported software from your network before such problems occur.
- Have secure backups of your critical data. In the event of an attack occurring within your business, you should be safe in the knowledge that the most critical data you rely on (e.g. accounts information, intellectual property, etc.) is backed off to a secure off-site location, out of harms way that can be restored if/when an attack comes into your business.
There’s plenty more that businesses can do to help prevent such attacks but if you take these steps you will go a long way to helping to prevent (and limit the impact of) a cyber attack. You owe it to yourself, your employees and your customers to make sure that your business is secure.
At BITS we offer a wide range of security products and services, including an audit on your computer network to check it for weakness and offer you solutions if you need to remedy such issues. Contact us for more information.