We are sure by now you will have all heard about the high profile computer virus attack that hit the NHS in May 2017.
To reassure you that whilst this is of course an important reminder about the risks of cyber crime, there is no immediate need to panic, this isn’t actually something particularly new.
What is the attack?
‘Ransomware’ refers to a particular subgroup of IT viruses, or malware attacks, and has been prevalent for the last couple of years. Cybercriminals launch an attack, often via a phishing email, that encrypts files stored on your PC or network, and then they demand a ransom in order to have the encryption reversed. The ransom is often time sensitive and the attackers will tell you that the fine you will have to pay will double after 24 hours. Demands vary from a few hundred, to several thousand pounds, and they demand payment via bitcoins, making the whole process very hard to police.
How do you protect yourself?
There are various things that you should already be doing, that reduce your risk of ransomware attack:.
- Ensure that all your servers, pcs and laptops are covered by the latest software patches. Patches are released by the software vendors, to address system vulnerabilities, so it’s important that you keep machines up to date.
- Ensure that you are using a corporate grade firewall. A properly configured firewall will protect your network from the attack suffered by the NHS last week.
- Ensure that you are using a commercial Anti Virus product. Ensuring that all machines on your network (including the servers) have a suitable Anti Virus product is a key step to protecting your data. Again, this service can remotely monitored and managed.
- Replace out of date software. The reason the NHS attack was so successful, is because the NHS are one of the largest users of Windows XP – the Microsoft Operating System that went end of life several years ago. Windows XP and Server 2003 Operating Systems are vulnerable as Microsoft and most anti-virus providers no longer release updates for these devices.
- Ensure that you have an enforced password policy. You should have network controls in place that force users to update their passwords regularly, using complex password strings, and that the network prevents brute force attacks by blocking accounts that repeatedly attempt to login with an incorrect password. You need to ensure that you don’t leave dormant accounts on your system – accounts for leavers for example, or test or demo accounts.
- Train your staff to recognise phishing emails. Whilst this attack was not activated by email, the most common ransomware attacks are started by a user clicking on an infected attachment. Your users are your first line of defence and you need to train them to spot potential cybercrime activities. Consider subscribing to Security Innovations web based training, then you’re already arming your team to help prevent this sort of attack.
- Ensure that your data back up meets your organisation’s needs. It is normally possible to recover encrypted data from back up, to avoid the need to pay the ransom demands, but that means it’s essential to sanity check your current back up process and ensure that it’s working each and every day.
If you would like any help with addressing these points, please do not hesitate to get in touch with us by calling 01246 569707 or emailing Support at Column Systems. If we can help in any way, we would be delighted to do so.