Since the news of a “cyberattack” on IT systems across Europe broke on Friday companies have been racing to engage with their IT providers and staff to try to fix the problem. The bigger problem is that it’s too late. This type of attack was always going to happen sooner or later as it has exposed the two real problems – training and investment.
What is a ransomware attack?
Its a computer virus that is usually activated when someone clicks on an email link that they think is ok but is actually sent by a hacker. The link activates the installation of a nasty computer program on your computer which locks down (encrypts) your computer so that you can’t access it without a special key. The hacker them demands a “ransom” to provide you with the key. The key is totally unique so your IT dept will not be able to get this key for you or fix the infection. Once the infection has taken hold its a case of paying up (we wouldn’t recommend this), going to a backup (if you have one) or starting from scratch (eeeeeek!). The only strategy is not to get the infection in the first place by educating your staff and protecting your computers systems.
What is all the fuss about?
So if we take the UK Health Service attacks as an example – they are not really attacks at all. They are the exposure of out of date computers and employees who didnt know how to recognise suspicious emails. There is nothing new in that – these type of “phishing attacks” as they are known are simply dodgy emails sent on mass with the hope that employees with click and infect their computers. They did and the problem was multiplied up when those computers were connected to other out of date computers and suddenly you have thousands of emails circulating infecting exposed computers and it brings organisations to a halt. When this type of infection strikes the first thing you will see is a message that your computer has been hacked and a message to pay the ransom to (€300 – €600) per computer to have control of your computer back.
How can companies protect themselves?
Simple – update your computer systems and educate your staff. I am sure if any company didnt have an intruder alarm and a receptionist these days you would think they are daft. It seems like a sensible idea to have both of those precautions to prevent a total stranger from walking in and stealing goods – wouldnt it? Well, its the same for computer systems and yet companies are unwilling to invest in protection even though some form of computer will be at the heart of EVERY business … even though it might be just one p.c. Here are some essential tips :-
- Install good antivirus software – ditch the free ones – pay to install the best software on your computers.
- Upgrade your computers – ditch your old computers – they are wide open to security risks.
- Educate your staff – take time out to tell your staff how to recognise threats. Find out about email phishing, provide training and follow up to make sure the message is getting through.
- Assign an IT contact – Give someone the responsibility for updating your computer systems. Even in a smaller company make sure that someone is updating your computers even if its an external company.
- Backup you data – Rule 1 is to always have a backup of your data which you can restore in the event of a fire, floor, theft or computer infection.
Who can help?
There are lots of computer companies who specialise in providing computer security services – but we are not one of them. We can keep your websites secure so if you are looking for help with your computers just Google ’em.