Protecting your business against cyber-attacks
In May 2017, “WannaCry” ransomware reportedly hit over 200,000 computers in 150 countries, affecting many NHS Trusts in the UK. Operations and appointments were cancelled and ambulances diverted as up to 40 hospital trusts became infected by a ‘ransomware’ attack demanding payment to regain access to vital medical records. So what is the reality of a cyber-attack and how can you protect yourself against this growing threat? It happened because the ransomware was able to exploit a weakness in the Microsoft Windows operating system. Back in March, Microsoft released a patch to protect against this vulnerability, but not all users updated their computers. Users opened infected email messages, enabling “WannaCry” to encrypt on the target computer. A ransom, payable in Bitcoin, was demanded to unlock the computer. Typically, this was around £230, with three days to pay, before the ransom doubled. If not paid within seven days, the files on the computer were unrecoverable. Although ransom demands are often small, the interruption to business can produce sizeable losses, especially if occurring during peak trading periods. For hackers, it can be very lucrative given the high frequency of attacks. Demonstrating the increasing frequency of cyber-attacks, “NotPetya” was released at the end of June, seemingly from the Ukraine. This virus quickly spread across the world in a similar fashion to “WannaCry”, locking infected systems with a ransomware demand to be paid in Bitcoin. One particular ransomware, known as “CryptoWall”, is estimated to have earned hackers $325m over the past three years. Anyone who uses a computer, the Internet, and/or processes payment card information is under threat from cyber-attack. The following basic safeguards will help minimise the risk:
- ensure your IT operating system is up to date, and any new patches fully installed
- use commercially licensed anti-virus software and rewalls
- do not open unexpected emails or attachments
- back up regularly
- train staff in cyber safety – you’re only as strong as your weakest link.