In the news recently there has been coverage of a large global computer attack, infecting computers with a ransomware program called WannaCry. This attack has raised questions for SME businesses on what can be done to protect against these types of attacks.
Ransomware attacks can cause unnecessary stress and affect productivity, in addition to hurting your wallet. It’s important your business responds quickly if affected, and you make sure your systems are protected from these types of attacks.
What is ransomware?
Ransomware blocks access to a computer system or files until a sum of money is paid. It works by encrypting your data and demanding payment for its release, threatening the deletion of the data if the payment is not made.
How is ransomware deployed?
Ransomware can be deployed via phishing emails, attachments to emails and by exploiting weak network defences. Once a machine has been infected, the ransomware will attempt to spread to other computers.
How do I protect against an attack?
While it depends on the strain of ransomware, you can help to protect your system by:
- Keeping your systems up to date – this attack takes advantage of a critical hole in older versions of Windows. Microsoft released a patch to cover the vulnerability in March 2017, so businesses with up to date software will not be affected.
- Backing up your files – ransomware encrypts your data and demands payment for its release. An attack will be less concerning to those businesses who frequently back up their data. SMEs backing up their own systems need to ensure those systems can’t also be compromised if an attack spread.
- Educating yourself and your staff – small businesses lost over $2 million to scams in 2016, so it’s important to educate yourself and your staff on cyber security.
Do you have your cyber security under control?
Prosperity Advisers can assist you to develop and implement a cyber security plan, which covers:
- Conducting regular scheduled system checks, including penetration testing and using your external auditor to assist.
- Changing your security levels as required.
- Identifying cyber security and forensic experts that you can call on when the need arises.
- Implementing a breach plan, including a cyber security incident response plan which involves law enforcement agencies and regulators, and a press release statement.
- Considering limiting the impact by putting in place cyber insurance cover which can provide both indemnity and liability cover.
For further reading on managing your cyber security risk, please refer to the Australian Cyber Security Centre (ACSC).
We recommend that you review your procedures and systems and if you are at all concerned about your cyber security, please get in touch with your Prosperity Adviser. To receive our Free Cyber Security Checklist and request one of our directors contact you to discuss your situation, please send an email by clicking here.