With businesses and services looking to transform their digital strategy and implement new technologies and software to improve their services, the cyber threat is becoming an evermore present threat to company and personal computers.
Criminals are no longer using the attacks to demand just money. Political statements and aims of disruption are behind some attacks, with healthcare and finance becoming a high profile target.
May 2017 saw a wave a cyber attacks affecting over 230,000 computers using Microsoft Windows software in over 150,000 countries. In the UK, the most threatening aspect of the attack was the impact the encryption had on the NHS. Hospitals and GPs were forced to turn away patients and suggested those seeking appointments do so on an emergency only basis. The information on the NHS database was inaccessible unless ransoms of $300 to $600 were paid via Bitcoin. The attack was dubbed WannaCry, a shorted version of Wanna Decryptor ransomware.
The ransomware is believed to have been spread via emails. The emails aim to trick recipients into opening attachments or links that release the malware onto their device and begins to locks your files unless you comply with the ransom terms.
It is important to consider government policy when maintaining and reviewing cyber security, however, stricter security requirements cannot be implemented due to the unique threats towards different industries.
But, there are ways to protect yourself and your business from the threat of a cyber attacks:
Always ensure your computer is using the most updated software.
This is a very common issue with work computers. As sophisticated anti virus software is developed, criminals begin looking for loopholes and ways to beat the software and encrypt computers, therefore, it is crucial that your computers always use the latest defence. This is a precaution you must take across all your devices.
Enable or schedule automatic downloads of antivirus software and, operating systems and web browser updates.
Sometimes work computers are left using an old operating systems due to legacy program requirements, however, updating your software can be a tedious process, usually requiring a computer restart or can just slow your system down all together. This can be avoided by scheduling downloads for out of work hours or through breaks.
Regularly back up your data.
If your data is backed up regularly, cyber attacks looking to lock or encrypt your data cannot cause so much of an effect as you will have your files stored in a second location.
Do not click on links from unsolicited emails and only download software from sites you trust – take extra precaution of free downloads.
In a lot of cases, the weak link in the chain is actually human error. Ransomware and virus software is often embedded within encrypted links and disguised software downloads to trick users into opening or downloading the malware onto their computers. Often emails seem to be sent by users and companies you trust, therefore, it is important to find out the true source before accessing the download or link.
Share knowledge and report any suspicions.
The U.S. National Security Agency (NSA) fell under a lot of scrutiny after it was discovered the association actually found the vulnerability within the Microsoft Windows software and failed to report it to Microsoft, leaving the hackers to exploit the weakness and spread the virus.
Run penetration tests.
Regular penetration tests are vital to discover any weaknesses and vulnerability within your IT infrastructure.
Check for unnecessary connections with other devices and minimize privileges to users.
Unnecessary connections and access help the virus to spread. Computers that are connected allow for the malware to easily transfer between the devices and users with unwarranted privileges can be hacked and used to spread the virus. Be sure to check for hidden devices as well as those listed in your devise manager.
Educate your employees, family members, or anyone who uses your computer of cyber security and how to stay safe on line.
It is important that board members and employees understand the risks and threats online. It is crucial to understand how to recognise a security breach, how they unfold, the potential impact and how to respond. It is important to report any suspicious activity and breaches to the National Crime Agency or Action Fraud to assist them in protecting and preventing systems from an attack.