A four-step guide to staying safe from cyber attacks
Business owners and managers will be aware of the recent Ransomware cyber-attacks on the NHS and a wide range of companies and organisations worldwide.
As insurance brokers to businesses throughout the country, Stride has prepared a brief guide to the best ways to protect your business from the disruption, data loss and costs of Ransomware and other Malware spread by cyber criminals.
Cyber-attacks are now common threats for individuals and businesses to deal with. Our advice is simple: to protect your data and your business, PREVENT, PREPARE, BEWARE & MITIGATE cyber risks. But first you need to know your enemy…
What is Malware?
Malware is a catch-all term for malicious software, usually spread when a PC user interacts with a fake but seemingly innocuous email. This can mean clicking on a link or opening an attachment, which results in a "payload" of viral code attacking your system and spreading within company networks.
Spreading malicious software by email is called Phishing. Malware is often designed to make users comfortable with opening the fake email by using familiar subject lines and "spoofing" the sender name and email address such that it appears to come from a trusted contact.
What is Ransomware?
Ransomware is a specific type of Malware that gains access to data stored on the PCs and servers on your computer network.
Your data is encrypted (rendering it entirely unusable) and a ransom (typically of £300-£1500 in an untraceable online currency called Bitcoin) is demanded via a notice displayed on your terminal.
Your choice then is either to ignore the ransom or pay it, which may or may not result in your data being decrypted (or "released") and has the effect of confirming to the attacker that your systems are unprotected.
How to protect your business from cyber attacks
1. PREVENT THE THREAT
Ransomware threatens to corrupt or destroy your irreplaceable business data. The best preparation for a Ransomware attack is to prevent attacks by updating your systems.
This means updating your PC, server and anti-virus software to the latest versions available and applying updates (known as "patches") that fix vulnerabilities as they are discovered.
Every machine on your network should have anti-virus software to scan for threats, and it should be updated daily.
You should also apply weekly updates to patch PC operating systems such as Windows 7, 8 and 10, browsers such as Internet Explorer, Chrome and Firefox and email applications such as Microsoft Outlook. Crucially you need also to consider your server software, as vulnerable server operating systems were a major cause of the worldwide spread of the Ransomware that hit the NHS.
A list of patches to apply immediately to systems running Windows 8, Windows XP and Windows Server 2003 is provided by Sophos here. Please note that any systems running Windows XP are at extremely high risk as this product is no longer supported by Microsoft.
2. PREPARE FOR THE WORST
In the event of an attack, whether on a single affected PC or on your company network as a whole, you will need to restore your data, so back up your data regularly.
Make frequent and reliable back-ups of your data and store them on a secure medium separate from your main network. Business owners need to ask themselves when their data was last backed up, and whether the integrity of the back-up has been tested. Many data back-ups are inadequate because they are too old, are not stored on a separate system where the Malware cannot reach, or are incomplete. For example, they may not include user email data or cover local documents stored on desktops etc.
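The failure modes named above (a back-up that is too old, incomplete, or never tested for integrity) can be checked automatically. The following Python is an added example, not part of the original guide; the manifest format, the seven-day age limit, the required folder names and the sample files are all assumptions constructed for illustration.

```python
import hashlib, os, tempfile, time

MAX_AGE_DAYS = 7                    # assumed policy, not from the guide
REQUIRED = ["mail/", "desktops/"]   # assumed folders that must be covered

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_backup(backup_dir, manifest, now=None):
    """Return a list of problems; an empty list means the backup passed.
    manifest (assumed format): {"created": epoch_seconds, "files": {relpath: sha256}}"""
    problems = []
    now = time.time() if now is None else now
    age_days = (now - manifest["created"]) / 86400
    if age_days > MAX_AGE_DAYS:                       # too old
        problems.append(f"stale: {age_days:.1f} days old")
    for prefix in REQUIRED:                           # incomplete
        if not any(p.startswith(prefix) for p in manifest["files"]):
            problems.append(f"incomplete: nothing under {prefix}")
    for rel, digest in manifest["files"].items():     # integrity
        full = os.path.join(backup_dir, rel)
        if not os.path.isfile(full):
            problems.append(f"missing: {rel}")
        elif sha256_file(full) != digest:
            problems.append(f"corrupt: {rel}")
    return problems

def demo():
    """Build a constructed sample backup, damage one file, and check it."""
    files = {"shared/accounts.xlsx": b"ledger", "mail/user1.pst": b"mailbox"}
    manifest = {"created": 1_700_000_000, "files": {}}
    with tempfile.TemporaryDirectory() as d:
        for rel, data in files.items():
            full = os.path.join(d, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
            manifest["files"][rel] = hashlib.sha256(data).hexdigest()
        with open(os.path.join(d, "mail/user1.pst"), "wb") as f:
            f.write(b"damaged")                       # simulate corruption
        ten_days_later = manifest["created"] + 10 * 86400
        return check_backup(d, manifest, now=ten_days_later)

if __name__ == "__main__":
    for problem in demo():
        print(problem)
```

Whether the back-up medium is genuinely separate from the main network is a question of how it is stored and connected, which a check like this cannot answer.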
3. BEWARE OF THE RISKS
Malware spreads by exploiting the gullibility of users who click on seemingly genuine email links or attached documents.
Don’t click on links from unknown senders or open unexpected attachments. These frequently refer to common business correspondence such as invoices and delivery notices, tax documents etc.
Make your staff aware of the threat and encourage a culture of care when using email and social media in particular.
If in doubt, contact the sender by phone to check the authenticity of incoming documents.
4. MITIGATE THE DAMAGE
Having taken all possible precautions you might still suffer disruption to your IT systems at the hands of hackers and others. Some hacks, known as "zero day" attacks, break out across the internet before system vendors such as and anti-virus companies can release updates.
To help mitigate the financial consequences of such events you can now purchase Cyber insurance.
Cyber insurance can cover the costs associated with reinstatement of data, system repairs, the issue of client notifications when necessary, damage to your reputation, loss of profits and other cyber events subject to any policy excess.
At Stride we have access to a number of insurers (specialist and general) offering this type of cover and can tailor such insurance to meet your needs.
If you would like to discuss this form of protection or would like a quote please contact Richard Everett on 023 9224 8775 quoting reference 18106766 or click here to use our enquiry form.