Over the years, cybercriminals and hackers have developed various malicious software programs and attacks to exploit the online security of businesses: denial-of-service attacks, viruses, worms and Trojan horses, to name a few. But that has all changed in the last decade.
Thanks to today’s digitised economy, business and personal data have become more valuable than ever. Data is the new “must have” commodity, and criminals want it.
The new threat is called ransomware. Ransomware is malware designed to block access to your computer system and then force you to pay for its release. Payments are made either in regular currency or in cryptocurrencies like Bitcoin.
The effects of ransomware are so widespread that experts believe the value of digital currencies like Bitcoin has increased to record levels as a result.
Earlier this year, WannaCry, a type of ransomware, crippled more than 75,000 Windows PCs around the world, extracting ransom money from users to restore access to their critical systems and data.
So, the question is, what can you do to protect yourself and your organisation from ransomware attacks? Here are a few things you can learn about keeping yourself safe online to ensure you don’t become the next victim.
In the wake of the WannaCry ransomware attacks, Microsoft has released what it calls an “unusual” patch. The patch prevents the same attack from scamming more of its users in the future.
The Windows update highlights the importance of installing updates as soon as they become available, especially unscheduled updates.
Unscheduled updates are almost always the result of a new attack by cybercriminals. Every minute that passes without installing one is another minute in which your organisation is at risk.
Given that the WannaCry attack targeted Windows XP and Vista users, organisations should also consider migrating to Windows 10.
What applies to operating systems also applies to antivirus software. Keeping your antivirus software up to date means that you’re immunised against all the latest threats. Not doing so will leave you vulnerable.
If you don’t back up your data, you’re putting yourself in a vulnerable position. Cybercriminals can increase their ransom demands, knowing that your organisation has no alternative but to pay.
Backups improve your bargaining power in the event of an attack and reduce the value of stolen data. If you back up your data on a consistent schedule, you only lose the most recent additions. If your data is synchronised with a cloud server, you’ll lose nothing.
The official advice from the UK government is to ensure that backups and critical business files are stored on a separate drive or network. This means a network or drive that’s cut off from the internet to prevent hackers from gaining access.
Fraudsters don’t need to find vulnerabilities in your computer network to launch a ransomware attack.
In fact, despite the WannaCry hack, attacks that infiltrate software are rare. Most attacks work by exploiting human error in your company. Scammers gain the confidence of colleagues either through email phishing or SMS “smishing”. Smishing is getting someone to reveal sensitive information via SMS so that hackers get access to your systems.
Colleagues need to be aware that emails can be dangerous. They should not open links in unsolicited emails they receive. Also, they should never give out financial details about themselves or their company.
Even if an email or message looks like it comes from a legitimate source, it still might not be. Email and text messages can be faked and there is no guarantee that the correspondence is safe.
Logging in as an administrator is sometimes necessary, especially when you need to manage your network.
But staying logged in for extended periods of time increases your risk of an attack. If you do log in as an administrator, get down to work straight away, and avoid opening any attachments or browsing documents online.
If you work with many colleagues, there will, at some point, be a security breach. A co-worker can make a mistake, create a vulnerability and open your company up to a ransomware attack. You can minimise this risk by segmenting your network and only giving colleagues access on a “needs must” basis.
If you aren’t keeping yourself safe online by following some of these basic rules, we strongly recommend you start now. If you’re a larger business, you should run an audit.
The bottom line is this: a lack of security in your business is a definite red flag. It’s like locking your door with your keys left in the lock for all to see.