The WannaCry ransomware was undoubtedly one of the largest cyberattacks the world has ever seen. Beginning on Friday, 12 May 2017, it was widely publicised after it affected large parts of the NHS in the UK – however, this was a worldwide issue. There were problems across Russia, India, Spain and Germany, and in total more than 150 countries were affected. The ransomware was able to exploit older Microsoft systems that had not been updated properly.
With companies across the globe still suffering from the effects of WannaCry, it’s relevant to ask exactly what lessons your business can learn from it. Even if you didn’t suffer in this attack, it’s important to remember that hackers and cyber criminals are becoming more sophisticated every day, so any lessons will be enormously valuable.
Are you investing enough in your defences? What is the weak link that criminals most commonly exploit? And how will GDPR rules affect cyber security?
Here are six lessons that you can take away from the attack.
Lesson 1: Raise awareness at the highest level of the business
It’s often thought that issues with cyber security should fall to the IT department, and that they can be left to plan for any potential problems and deal with them if they arise. However, how can management make effective decisions regarding budgets or contingency plans if they are not aware of the dangers?
Studies have shown that 60 per cent of small businesses that suffer a cyber-attack are out of business within six months. Clearly these sorts of hacks can have a disastrous effect on all areas of the business, so you cannot confine the problem to the IT department. Management need to take ownership of such business-critical issues.
Lesson 2: Update your software properly
The businesses and organisations that were vulnerable to WannaCry were those that were running on older versions of Microsoft operating systems including Windows XP, Windows 8 and Windows Server 2003. However, if these operating systems had been updated properly they would not have been vulnerable to the attack.
This acts as a reminder of how important it is to install software updates as soon as they become available. It’s best to set business computers to update automatically, but if that doesn’t work for you, make sure every member of staff knows how important it is to do it.
Lesson 3: Invest in cyber security
Another lesson that businesses badly need to learn is that if they haven’t invested properly in cyber security, now really is the time. As hackers and cyber-criminals up their game, you need to take the necessary defensive steps. Cyber security is no longer a luxury that you can’t afford – going without it has the potential to end your business.
Lesson 4: Follow guidelines
It’s easy to talk about what businesses and organisations should have done to protect themselves from WannaCry – hindsight is a wonderful thing. But had they taken any advice beforehand on how to prevent this sort of hack from occurring, they would have been given guidelines that would likely have given them ample protection.
To stop future attacks it will be important to pay attention to directives and rules regarding data. In May 2018, a new European directive called the General Data Protection Regulation (GDPR) will come into force. It is essential that businesses look into GDPR services as soon as possible to ensure that they are within the regulations.
If you work with a cyber security firm they will work on ways to improve your defences, detect threats and respond to attacks. GDPR has been brought in to protect businesses and their customers against exactly this sort of attack. If you comply with regulations like this, you will have the best chance of defending your business against future attacks. See Finance-Online’s reviews of promoting awards on your site, showcasing, amongst other factors, a website’s compliance with guidelines.
Lesson 5: Back up your data properly
Ransomware like WannaCry is effective because it encrypts all of the data on your computer or system and then only gives it back once you have paid a ransom. If you don’t pay then you lose everything. Clearly, then, WannaCry would not have any effect at all if everyone properly backed up all of their data, as the ransomware would not have anything of value to hold to ransom.
It’s important that you start taking data backup seriously. There are many different solutions available from cloud storage to external hard drives.
Lesson 6: Strengthen staff as well as cyber defences
It’s important to recognise that people are often the weakest link in your cyber defences. Even the strongest cyber defences in the world can’t protect against glaringly obvious passwords (think ‘password1’ or ‘abc123’) or ill-informed employees clicking dodgy links in their emails. That means you need to provide staff with training on what they need to do to prevent attacks and the steps that they should take if they find something suspicious.