The worldwide cyber-attack that brought the NHS to its knees recently has definitely reiterated the threats faced by businesses working in the modern digital environment.
The much publicised attack made use of hacking tools to spread ransomware known as ‘WannaCry’. Not only did it affect the NHS, but also global shipping outfit FedEx as well as more than 300,000 computers over 150 countries. Cybersecurity company F-Secure described it as ‘the biggest ransomware outbreak in history’.
WannaCry made its way in through emails that had been designed to trick the recipient into opening attachments primed to release malware onto their system. Affected computers locked up files and encrypted them, making them inaccessible to users unless they made a payment using bitcoin. The trouble was, even if payment was forthcoming, there was no real guarantee that access would be restored.
Microsoft released a patch in March this year to fix a vulnerability that WannaCry exploited. However, not everyone installs updates as soon as they become available, which left the vulnerability exposed.
When it came to casualties of the attack, the NHS came off worst. Hospitals and GP surgeries nationwide fell into chaos with patient systems and medical records inaccessible. Other victims included FedEx, Portugal Telecom and Spain’s Telefonica together with German railway Deutsche Bahn.
How to Protect Against Cyber Attacks
It is essential to make sure all software is kept updated. The updates that are made available usually incorporate security patches, which means ignoring them or putting them off is very risky.
Vigilance with emails is also crucial. Looking out for suspicious messages that contain links or attachments should be the norm right across the organisation, with strict parameters set as to what to do and what not to do. As well as employees, make sure outsourced staff and subcontractors are aware of your rules about links and attachments in emails and that they know the risks of downloading programs, apps and software from unofficial or non-secured sources.
Dealing with Cyber Attack Risks
Cyber risk insurance is an astute choice for any business. It is designed to restore an organisation to its complete operational status as quickly as possible following an attack.
Cyber risk insurance covers the policy holder for malicious attacks, cyber extortion, denial of service and human-error data breaches. Depending on the small print, it can provide legal guidance, business interruption cover, public relations advice, IT forensics, data restoration and cover for lost profits.
Hackers are finding new inroads on a daily basis. Make sure your business is safe and covered for this very real risk. If you need practical advice, you can always talk to your local bookkeepers.