The virus that hit the NHS in England and Scotland, known as Wanna Decryptor or WannaCry, has infected over 200,000 machines in 150 countries since Friday. The virus is a type of ‘ransomware’, which locks users’ files and demands payment to allow access, and has spread to other organisations including FedEx and Renault.
The size of this attack by the WannaCry virus is “unprecedented”, according to Europol. Plus the impact of the attack is being felt in real life too, as some hospitals were forced to cancel treatments and appointments, and divert ambulances to other sites.
ADS has put together some tips on what companies should do to protect themselves.
Cyber security tips
- Make sure that you run the latest operating system (the recent NHS attacks were possible as they were using Windows XP, which is out-of-date).
- Download official software updates.
- Back-up your files regularly.
- Do not open unexpected email attachments and be on the lookout for phishing and specifically targeted ‘spear-phishing’ emails.
- Use up-to-date antivirus software.
- Train your staff with an understanding of cyber security (only 20% of UK companies currently provide cyber training for their staff!)
- Get Cyber Essentials certified at a minimum.
Most importantly for ransomware, back-up the data that matters to you. You can’t be held to ransom for data you hold somewhere else, and there is no guarantee that paying the ransom will result in your files being unlocked anyway.
The National Cyber Security Centre website has lots useful tips and information.
Cyber Essentials certification
Companies should acquire the UK Government’s Cyber Essentials certification at a minimum. This shows you how to put technical measures in place to protect your business against the most common internet threats, and you can also apply for a Cyber Essentials badge to demonstrate to customers your business takes this issue seriously.
There are a range of cyber security experts within the ADS members’ network who can assist with a direct clean-up in response to the Wannacrypt attack, or provide preventative guidance on achieving Cyber Essentials – the minimum standard in cyber security from Government. Contact the ADS Security team for more information