The recent ransomware incident which occurred across multiple countries earlier this month has been cited as a wakeup call for management teams. The attack was incredibly simple, and questions were asked as to how this could happen to a large scale organisation such as the NHS.
One of the main issues identified was the failure to update systems and implement the latest security patches. Threats like these not only cause an explosion in negative PR, they can cripple a company as they often take days to fix, rather than hours. Following the weekend’s events we received a number of calls, asking the big question of how organisations can protect themselves from further attacks. It is not possible to completely mitigate against cybercrime, however there are number of things your business can do, to significantly reduce your chance of becoming a victim.
1.Make sure your business is using a fully supported operating system
Failure to implement the latest security patches was highlighted as the key problem with the NHS attack. When Microsoft release a new update, this almost always means that vulnerabilities or holes have been discovered in the system leaving them open to attack. Therefore, if they are not updated as soon as these are available, your business is under increased threat of an attack. Some organisations still use operating systems that are no longer supported with security updates from Microsoft. These include Windows XP, Windows Vista and Windows Server 2003. If your business is still on these systems, please contact us for further advice.
2. Install business grade anti-virus software
In the long term, it doesn’t pay to choose the lowest price anti-virus software on the market. We recommend that all small business owners install business grade anti-virus software with the highest level of protection available. A centrally managed and consistently connected anti-virus solution, providing real-time alerts with ability to contain threats on your network.
3. Deploy a business grade firewall content filtering
Content filtering will screen or exclude access to harmful content accessed via the Internet. We recommend using a business grade products with unified threat management (UTM) which brings enhanced security features together under one protection system.
4. Regularly back up your data
The fastest way to recover from CyberCrime is to have a reliable disaster recovery system in place. We would always recommend having two back-up solutions in place – one in the cloud and one other secure on premise solution.
5. Be vigilant when opening emails and subscribe to an email protection service
Criminals are becoming cleverer with their approach and frequently target companies by disguising malware in an unsolicited email. It is often difficult to recognise when you are under attack. An effective way of avoiding errors is to educate your employees. Clearly communicate the warning signs that come with unsolicited emails and encourage everyone in the company to be vigilant.
However, we are all human, and mistakes will inevitably be made. To add a layer of extra protection, we would recommend investing in Office 365 Exchange Online Advanced Threat Protection. With this service added to your existing Office 365 license, all suspicious-looking attachments or links are put through security analysis. Any that don’t make the grade are sent to a remote, protected environment where they can be opened safely to check they are harmless before being sent on to the intended recipients.
6. Regularly change your passwords and use letter/number combinations
Organisations are put at a high risk if they don’t have a password policy in place. We advise clients to change passwords regularly and to encourage employees to set passwords with more than 10 digits including a combination of letters, numbers, capitals and special characters.
Speak to us for a free IT security review
The potential damage to your business is huge if you are the victim of a successful malware or ransomware attack. If you have any concerns or think you may be at risk, please don’t hesitate to get in touch with our team for a free IT security review.
Speak to a member of our team on 01293 871971 or email enquiries@m2computing.co.uk for a FREE IT security review.