On Friday May 12th 2017 a new global ransomware campaign was observed infecting well over 200,000 devices across 150+ countries and organisations, including the NHS, Telefonica, Renault, Nissan and FedEx.
Due to the high-profile nature of the businesses affected, this campaign has caused alarm. To help you protect your business, we caught up with Russell Hargreaves, Network Support Engineer at Xperience Group, to explore essential cyber security tips…
Q: What is the state of cybersecurity?
A. As technologies are growing in sophistication, online criminals are refining their techniques and exploiting vulnerabilities for extracting money and stealing data and intellectual property. One example is the very recent ransomware attack affecting the NHS and other organisations across the globe. Ransomware is becoming increasingly common and each business needs to put measures in place to avoid it. There is also a lesser-known case, where a bug in Microsoft Word was used by scammers to steal banking logins. Although an update was released and no stolen money reported, a similar incident in 2015 resulted in more than £20M stolen from British bank accounts.
Q: Why are UK businesses vulnerable to cyber-attacks?
A. Many organisations rely on old IT infrastructure and run outdated operating systems. This is dangerous because once vendors discontinue support for their products, they no longer produce patches or compatibility updates, exposing businesses to security threats and software defects. As a result, organisations running end-of-life software may be subject to vulnerabilities that they have no ability to correct.
Q: What are the most common cyber security threats for UK business?
A. Although not new, ransomware has rapidly risen in popularity and has become one of the top threats to SMEs this year. In simple terms, ransomware is a type of malicious software which takes control of your computer, encrypting all the data on it so you cannot access it. In exchange for handing over the encryption keys, the hacker demands a payment – and this can be very costly.
Most web crime still happens via email and there are plenty of phishing email messages floating around that are designed to steal personal information off your computer. Bad spelling and grammar are usually an indicator of a phishing email. Scammers will also use graphics that appear to be connected to legitimate websites, like eBay or PayPal, but actually take you to phony scam sites. Don't open any attachments you're not expecting, or click any random links you find in the text.
Q: How to keep your business safe?
A. You don’t need to spend a fortune to keep your business protected. When you store sensitive data on your computer, laptop or tablet, you can use BitLocker. Encrypting your data, this free application will make it unreadable for anyone without proper authorisation. It’s available for Windows 7 and onwards.
Antivirus software is essential to keep your business safe, and top quality protection can be yours completely free. Moreover, if you use Windows 10, you can benefit from the built-in Windows Defender. Don’t forget, many manufacturers install one-month trials of other software, so make sure your Windows Defender is enabled.
A cloud-based spam filtering solution is a good tool to help reduce the number of malicious attacks. Such systems check every incoming, outgoing and internal email and quarantine any threats, providing better email security and protecting your inbox!
Above all, due diligence is the key. In particular, organisations should consider extensive user education on the risks associated with opening email attachments from unknown senders, as well as the importance of using strong passwords. If yours is as easy as 123456 - please change it immediately.
Q: What is your ultimate security tip?
A. There is always a possibility an unwanted attack will get through to your network. Therefore, backing up your data is your last line of defence. Multiple backups are a good idea to ensure that all your data is stored safely. An onsite backup will provide a quick fix in case a file was accidentally deleted, and an off-site backup will prove invaluable in case of a disaster or ransomware attack that could destroy onsite backups. With regular backups, even once compromised, you can be back up and running in a matter of hours. A small price in comparison with the cost of shutting down all your business operations…
Russell Hargreaves – Network Support Engineer at Xperience Group