Recent Cyberattack Headlines & WannaCry

Posted by

Cyberattack! WannaCry Ransomware

We would be surprised if any of you missed the recent headlines and reports in the media with regards to the NHS and other organisations falling foul to the WannaCry ransomware.

We tweeted about it at the time – this in out opinion is old hat. It should not have been an issue for any IT systems that are being properly looked after by a company such as us.

An Attack?

This was widely reported as an “attack”. In our opinion this is misleading and a little sensationalist. The word attack builds a picture that there is someone or something actively attacking you. Yes, WannaCry is a little different in that it spreads from machine to machine rather than relying on a person being tricked into doing something, but this sort of ransomware has been around for years.

Our Advice

If you are reading this and you are not a client of ours we would be happy to help.

In the meantime there are some pretty basic tenets of IT systems management and best practices on the avoidance of this sort of ransomware:

  1. Don’t run ancient systems that are no longer supported by the manufacturer. If you absolutely have to, run them in an enclosed environment.
  2. Regularly patch/update all operating systems and other third party software.
  3. Educate and train your staff to be super critical and miss-trusting of everything.
  4. Use Endpoint Protection on all machines and yes this means Macs, tablets and mobile devices as well – no exceptions.
  5. Have proper server-based mail system virus, malware and spam protection.
  6. Have outbound Web Content Filtering and Security protection in place.
  7. Make sure you have a Disaster Recovery and Business Continuity plan in place – and that it works. Test it regularly.
  8. Don’t allow or heavily police the use of USB and other peripheral storage devices.
  9. Don’t be lackadaisical with the comings and goings of devices, especially BYO devices.
  10. Don’t allow unrestricted remote access to your systems from external machines you have no control of.
  11. Don’t be complacent about any of your network security. Proper corporate firewalls and other network perimeter protection systems are paramount.
  12. Run regular health checks and security audits.
  13. Monitor your user activity.
  14. Constantly review all of the above.

Get Us In!

If all of this is too daunting get us to sort it out. This is what we excel at! Contact us now or use the chat widget to get immediate advice.