The NHS and countless other targets around the world are in the midst of a massive series of cyberattacks. From what we know about the attacks so far, it is clear that had some relatively straightforward precautionary actions been taken, many of the affected targets would not have been vulnerable to this particular attack.
There are a number of straightforward, yet effective, steps you can take to reduce your risk of becoming a target.
- Make sure the operating system your business uses is up to date with the most recent patches installed. If your operating system, such as Windows, is too old to be supported by updates, then upgrade your operating system as a matter of urgency. It has been reported that many of the NHS Trusts targeted are still operating from the now aged Windows XP.
- Ensure your anti-virus software is kept up to date with the most recent upgrades available.
- Keep your IT systems clear of any old and unused software.
- Ensure that you have an organised and consistent approach to IT security, particularly in larger organisations, so that you can avoid having unnecessary vulnerability in your IT security.
- Ensure you have a robust system of backing up your data. Back ups should be isolated from your main IT set up so that it has standalone integrity and will not be vulnerable to the type of ransomware used in the NHS attacks. This particular type of ransomware, a worm, searches out different areas of attack once installed on to a system. Therefore if your back up system is not isolated, it can be attacked by the same ransomware and will therefore be useless to you.
- Test your back ups on a regular basis as part of a wider business continuity plan. Rehearse scenarios where you are likely to need to call upon your back up data. These rehearsals should take into account any reliance you have on external providers who may themselves be targeted by cyberattack. What would you do if you were without that particular provider?
- Watch out for malicious insiders. If employees have the ability to cause severe damage and disruption to your IT system, consider using internal monitoring software.
- Watch out for careless insiders. Careless employees are often the main source of cyber attack. Train staff not to open suspicious attachments and to avoid giving away information which could be used by criminals to launch attacks.
- Keep front of mind that your business is a continuous target to cyber criminals and that an attack at some point is inevitable.
- Get cyber insurance to cover potential losses from a cyber attack and to fund the cost of repairing and mitigating any damage.