Ransomware - Let's talk about this sensibly

I have read a lot of hysterical articles over this weekend regarding the widespread outbreak of the WannaCry ransomware bug. We shouldn't really be surprised that the NHS was the high-profile victim amongst many given what we are told in the press regarding the inefficient layers of management which seem to be constantly lurching from crisis to crisis. I'm sure the updating of a few creaky old PCs that generally do their job okay isn't high on their agenda when they are busy trying to find a bed for a critically ill patient.

The fact is, however, that ransomware is largely an avoidable risk and there are simple, low-cost steps you can take to protect your business.

The criminals that propagate this kind of malware are really like all others. They follow the path of least resistance: where can they get the best rewards with the least effort and the least chance of getting caught? Unfortunately, this means that they will prey on known vulnerabilities in software and operating systems and rely on the fact that users are generally slapdash in their approach to updating their systems with the latest security patches.

The three things you should do now, if you are not already doing so, to minimise your risks are as follows:

  1. Make sure all your computers are fully updated with the latest versions of all software, including antivirus/malware. If you are still running older versions of operating systems, consider, where possible, updating these to the latest versions. Set these machines to automatically download and install the latest updates. Being an advocate for Apple hardware, I would add that if you have the option to switch to the Mac/iOS environment, these machines are targeted far less frequently, as they are generally easier to keep up-to-date and there are simply fewer of them, so the returns for the criminals' efforts are lower.
  2. Make sure all of your staff are trained and continue to be retrained on good digital hygiene. This could be as simple as making sure they are aware of the consequences of clicking on links in emails from unknown or untrusted senders, how to check the safety of downloads and how to deal with suspicious emails or websites. If you have the expertise in-house, this can be carried out on an ongoing and regular basis, but otherwise there are many organisations that can provide this kind of training. As per 1 above, computers are pretty good at protecting themselves and the biggest open door for the criminals is accessed through poor user habits.
  3. Backup. If the worst does happen and you are struck by the activation of ransomware, then the easiest route is simply to format your computer and restore from a recent backup. Your backup regime should follow the 3-2-1 principle: 3 different backups on at least 2 different formats, with at least 1 of these being off-site. As part of your regime, make sure you are regularly testing a restore from these backups so that if needed you know you won't be let down.

If you ensure that these three steps are followed through and regularly reviewed, you will remove a huge proportion of the risk of this kind of loss. And make no mistake, if you don't carry these out then you will be hit sooner or later, and probably sooner.

Whilst the ransom demanded by the WannaCry malware was relatively inconsequential (around £230), the cost of an outbreak such as this is not in the funds demanded by the criminals but in the lost time, the cost of IT experts cleaning up your systems and the sheer psychological worry of restoring lost data. A good friend of mine who is a GP lost his entire weekend last weekend battling with his practice PCs. That's a weekend with his kids he will never get back.

This is where insurance can assist, not only in providing the financial backing to cover the cost of these expert consultants but also in giving you access to them in the first place. Time is critical in these situations. If you have a single helpline that you can call at the first sign of an outbreak, one that will immediately give you access to expert assistance, you will be back up and running with the minimum loss of time and stress.

If you want to discuss how this relates to your particular business, then please contact me today and I would be delighted to chat to you about it.