Of course by now you would have undoubtedly heard about the global ransomware attack that began hitting businesses and institutions on Friday afternoon, already described as the “biggest ransomware attack in history”. The computer malware has since spread across 150 countries, affecting our NHS services, Germany’s rail network and Spain’s telecommunications among many other victims, but is now showing signs of slowing down.
While we don’t know if another wave is imminent, we can and should take this as an opportunity to improve security measures across the country in the hope that future attacks may be thwarted or at least to ensure your business can continue operating should the worst happen.
We’re talking two sides of the coin here, prevention and disaster recovery. Let’s start with prevention…
Is your business vulnerable to cyber attacks?
One of the simplest ways to strengthen your business is often the most overlooked – your business is only as strong as your team. Make sure your whole team is given training on security best practices, including how to spot phishing scams, and have adequate policies in place for reporting and handling these.
WannaCry was most likely spread by phishing emails containing malicious files, opened in good faith by unaware recipients. This could perhaps have been prevented had recipients been more aware of the dangers, suspicious of opening attachments and had an effective anti-spam filter been in place on the email accounts.
At Cloud Heroes, all our Hosted Exchange email accounts now automatically come with an advanced anti-spam filter which is designed to help prevent these malicious files from infecting computers. If you don’t have this barrier of protection in place today, it’s worth checking with your email provider to see if it’s available or source a third-party software.
One unrelated, but equally effective phishing scam that’s been spreading recently is the CEO scam that tries to impersonate a c-suite executive for an urgent money transfer. Sounds easy to spot, but this one can be very sophisticated and look just like an internal email from your boss.
It won’t require any additional resources or budget, so if you at the very least make sure your team is aware of the dangers and know how to respond to an identified threat, you’re already in a much better position to prevent cyber attacks.
Is your business protected against disaster?
Ask yourself, what would happen if your business fell victim to a cyber attack? If you lost access to all your systems, files and data, would your business be able to continue operating? How long would it take you to get back on your feet and how much would it ultimately cost?
These are some terrifying questions that, in this day and age, you simply must consider. Almost half of UK firms were hit by a cyber breach or attack in the past year, with the average cost being between £75K – £311K for small businesses. It could potentially put you out of business.
Conduct a review of your business’ position. if you believe the impact could be significant, you should look into putting a disaster recovery plan in place to ensure you’re protected against disaster – be it floods, fire, theft or indeed a cyber attack.
We work with businesses of all sizes to create and implement disaster recovery plans, including hot replication and recovery of major IT systems, without the expense of secondary infrastructure. (You can find out more about that here.)
The most important part for your business is to ensure you take regular backups, following the essential 3-2-1 rule of recovery to ensure you have several copies stored in different formats including one offline version. You should also regularly check your backups in case they fail.
However, it’s worth pointing out that in the case of WannaCry having a backup wouldn’t necessarily have solved the ransomware situation as the malware could have infected your systems at a much earlier stage and remained hidden until it was activated, scrambling your files and demanding money. Restoring a previous backup could in this case restore your files, but the malware would still be there and would just start all over again. You would most likely need to carry out a complete wipe and choose an early restoration point, though this could mean you would lose all your recent data.
As this proves, prevention really is the best cure. But when all else fails, a solid disaster recovery plan could be the difference between going out of business and getting back on your feet.
If you’re worried about WannaCry or your business’ security, we are always happy to talk. Contact us on 01225 776 555 or email firstname.lastname@example.org.