Does the WannaCry ransomware attack make you wanna cry? By now you have probably heard about the WannaCry ransomware attack hitting businesses around the world. According to the BBC, "The WannaCry cyber-attack infected more than 200,000 computers in 150 countries, affecting government, healthcare and private company systems." So how do you protect your business from WannaCry and prevent losing all of your company data?
Before we delve into how to protect your business, it's important to understand the definition of ransomware. Ransomware is a type of malicious software that is designed to block access, or threaten to publish, your personal or company data unless you pay a sum of money. Typically hackers ask for BitCoin as the exchange currency for ransomware.
Now that we understand ransomware, here are five steps you can take to protect your business from WannaCry and similar ransomware attacks:
1. Backup Company Data
We cannot stress enough how important it is to maintain regular backups of your data. Your intellectual property, customer records, financial information and in some cases Patient Health Information (PHI), are easy targets for hackers and important enough to hold your network ransom. Be sure to observe the "3-2-1 Rule" and make sure that three copies of your data exist. Do this on two different media with at least one copy maintained off-site.
2. Educate Your Employees
In 2017, every computer end user should be educated on standard cyber security best practices. Your employees are your greatest IT security vulnerability. Begin by offering regular IT security training and establishing computer policies to prevent employees from creating gateways for hackers. You may also consider running annual phishing tests to gauge whether your employees are following IT security training protocols.
3. Use a VPN for Remote Access
Today's employees are working remotely. On a given day you may have someone working out of an airport, coffee shop or home network. Your IT department doesn't have control over public wifi hotspots or nearby intruders. Protect your network data by maintaining Virtual Private Network (VPN) access for your staff. You can do this by selecting a VPN client. A VPN client allows your employees to access your network securely by entering secure login credentials. The VPN client then has to validate the connection with trusted keys before your staff can gain network access. You will also want to be sure to select a quality VPN client. Free or low cost VPN providers may not offer the level of protection your company needs to mitigate hackers.
4. Run Regular Network Health Reports & Scanning
Just like your physical health, the health of your network requires routine check-ups and monitoring. The first step in maintaining a healthy network is to be sure all of your applications are up to date and your system is properly patched. If you're using Microsoft, consider following the regular Microsoft security bulletins to keep your system current. You can view these bulletins at: https://technet.microsoft.com/en-us/security/bulletins.
For Apple users visit https://support.apple.com/en-us/HT201222 to view regular security updates.
In addition to monitoring security updates, you may also consider running regular network scans to determine any gaps in your system that may need remediation. If your IT department is not equipped with the tools to create a network health report, then a qualified MSP can complete this process for your business.
5. Patch Management
We mentioned patching in the section above; however, It's vital that patching be listed on its own. Patch management is an organizational exercise for a business as systems regularly need vulnerabilities reviewed and patches installed. We recommend asking your IT department to create a quality patch management process for your business, with controls in place for employee turnover, patch research, deployment and testing. You may also consider implementing asset management and a proper communications protocol.
For more information on the WannaCry ransomware attack visit: https://www.dhs.gov/news/2017/05/12/dhs-statement-ongoing-ransomware-attacks. To get your business ready for the inevitable contact SymQuest today to request an assessment of your network.