Only a few months ago, one of the biggest ransomware attacks the world has seen, took systems in over 150 countries hostage, bringing vital organisations like the British NHS, a Spanish telecommunications company and the Russian Interior Ministry to a screeching halt. Although the ransomware attacks mostly hacked businesses and organisations, individuals that ran a Windows operating system on their personal computers were also at risk.
In this post, Dave Blackhurst from Bristol IT support company Evolvit tells you how to keep your business safe and secure from cyber-attack.
Although the rate of infection by the Wannacry software, the perpetrator of the largest attack, has been largely kerbed and contained by security researchers. It was found that the infection had spread to tens of thousands of machines, showing the insidious prevalence of the hacking software. And the wave of following attacks, such as the Petya ransomware, which many businesses are still trying to deal with – many of them not predicted to have their operations fully restored until August – emphasises that computer security needs to be a constant and a not a reactionary measure.
But what is ransomware?
Ransomware is malware that ruthlessly holds a computer’s data hostage via encryption, for a set sum of money. If the user doesn’t pay the ransomer a certain amount of money within a set time period, their data will be potentially lost for ever.
Wannacry, for example, demanded $300 in crypto currency Bitcoin within three days. After that the amount is doubled, and, if not received in a week, the user’s data will be deleted permanently. This malware not only spreads itself rapidly, it also evolves quickly to avoid any attempts at mitigation.
The loss of data can be disastrous for businesses, causing a period of downtime that can result in a loss of profit and business, and private individuals.
But ransomware and other cyber security threats, although common, are not infallible, and protecting yourself from them, or even just your browser being hijacked, can be boiled down to a number of simple steps.
1. Keep Your Computer Software Up to Date
One of the most important things to remember with your computer is that it needs regular maintenance, specifically with software updates.
The Wannacry attack took advantage of a vulnerability, discovered by the NSA and made public by hackers in April, that allowed hackers to slip through certain Windows security protocols. Although Microsoft released a patch for this vulnerability in March, users that didn’t update their computers left themselves at risk.
Out of date software is often full of vulnerabilities that can easily be discovered, publicised and exploited by hackers with better knowledge and superior software.
Think of your software like a building, with good maintenance, the walls remain strong and intact, if left in disuse, foundations can crumble, holes appear and anyone can choose to gain access.
Just as hackers are aware of these vulnerabilities, so are the software companies who often release patches and updates in order to rectify problematic systems. By consistently updating your software as soon as a software firm releases a new security patch, you can significantly reduce your risk of being hacked and compromising your system.
Antivirus software also needs to be consistently updated when necessary.
2. Exercise Caution
Hackers are pretty savvy, with a whole host of tools at their disposal. One of the largest ways they spread infections is through emails and email attachments.
Always exercise caution when opening emails from unknown senders and never open attachments that you weren’t expecting, or cannot see what they contain. Email attachments containing malicious malware are by far one of the fastest and most effective ways for a hacker to get straight inside your system and lock you out, with easy access to a host of personal and private information. And the same goes for social media, don’t click on links from untrustworthy sources.
In the wake of Wannacry, Microsoft has also warned against the prevalence of fake websites set up to steal user information. Popups that require you to resign into your device, or say you have been infected by a virus with a prompt to complete some action, that are not from your software provider or computer manufacturer are most likely hackers. Even if they are from your provider or manufacturer, always verify this with the company themselves before taking any action.
If you’re a small business owner, ensure that your staff are fully trained in proper cyber security practices and protocols by requesting an audit from your IT or computer support team. Your employees can then mitigate their own risk of infection, through their behaviour online, and it’s easier for your IT support to contain a potential security threat if there is one.
A recent wave of scams from official looking HMRC emails has caught a number of people off guard, as they didn’t take the time to verify it came from the correct source. An easy way to do this is to get the email of the sender displayed in full if it is not a verified HMRC email address, which can be found on their website, report and ignore it.
3. Backup Your Data
Backing up your data is one of the most effective ways of preventing a ransomware infection. Ransomware only works on the premise that a user is scared into paying though the risk of losing their data. If your data has been consistently backed up, you can restore your files even if they have been encrypted, once the infection has been cleaned up.
If you’re in a larger organisation, ensure that your IT infrastructure has been properly constructed so that your backups are appropriately protected or stored somewhere attackers cannot delete nor infect them.
Essentially, keeping your computer safe all comes down to using common sense when online.
Never give out your personal information, such as address and credit card information, unless to verified companies, and be wary of scaremongering tactics used by hackers to jolt you into action.
If in doubt, contact a local IT provider and have them verify whether a threat is real, or just another ploy.