The global cyber attack that recently crippled the NHS has certainly brought home the threats that businesses face in today’s digital working environment.
The attack used hacking tools to spread ransomware known as ‘WannaCry’ and didn’t only affect the NHS, but also international shipping organisation FedEx together with over 300,000 computers across 150 countries. According to cybersecurity company F-Secure, this was ‘the biggest ransomware outbreak in history’.
WannaCry’s Way In
WannaCry came in via emails designed to trick the recipient into opening attachments, which would release malware onto their system, a now well-known technique called phishing. On affected computers, files are locked and encrypted so that users cannot access them until payment is made in bitcoin. However, even if payment is made, there is no guarantee that access will be reinstated.
WannaCry exploited a Microsoft vulnerability. The software provider released a patch in March to fix it, but because some people are slow to install updates, the vulnerability remained open on their systems. Anti-virus software can usually remove the virus, and infected files can also be manually removed. However, this is obviously an after-the-event fix rather than a preventative measure.
The biggest casualty in the UK was the NHS, with GP surgeries and hospitals across the country experiencing chaos after medical records and patient systems were rendered inaccessible. FedEx was also hit hard, as was Spanish telecoms provider Telefonica together with Portugal Telecom. German railway operator Deutsche Bahn also suffered an attack.
Microsoft’s security patch was issued on March 14th and the company said that customers with Windows Updates enabled and those using their free antivirus software would be protected.
Cyber Security Advice
Ensuring computer software is always up to date is crucial, according to security experts. Updates will often include security patches, so they should never be ignored. Users should also be exceptionally vigilant when it comes to suspicious emails and should never click on any links or download attachments from unknown sources. It is vital for business owners to communicate this information to the entire workforce, including subcontractors, freelancers and remote workers as well as employed staff. The workforce should also be warned about the risks of downloading software, apps and other programs from unofficial sources, as these are another way in for hackers.
A spokesperson for cyber security company Avast said, “It’s critical that organisations and employees start to think pro-actively about how to protect themselves from ransomware.”
As we discussed in a previous post, cyber security breaches have a serious knock-on effect including lost revenue, damaged reputation and regulatory fines.
How to Protect Against Cyber-Attack Risks
Without hesitation, you need to put vital cyber security measures in place and set clear policies and procedures for your workforce concerning vigilance, reporting and rules.
Secondly, a wise move is to take out a cyber risk insurance policy. This cover is designed to restore a business to its full operational status in as short a timeframe as possible after an attack.
Policies cover everything from innocent, human-error based data breaches up to malicious attacks, cyber extortion and denial of service. They can include legal assistance, public relations guidance and IT forensics together with cover for business interruption, data restoration and loss of profits.
In today’s working environment and with hackers finding new vulnerabilities on a regular basis, you have to ask yourself, can you afford NOT to protect your business?
To learn more about cyber risk insurance and how it can be tailored to your individual business, please get in touch.