At the end of another week, where a cyber-attack has rocked the business world we at Call IT Services reflect on the why and the how these attacks attack keep happening.
Looking at this week’s incident though, it brings into question the professionalism and knowledge of the IT departments, both in-house and outsourced, of the companies that did get hit. Why do I write this you may ask; well the “Petya Attack” exploited the same vulnerability that the “Wanna Cry Attack” exploited a few weeks ago. Which mean that IT departments did not take the necessary steps, to patch user machines with the necessary updates, to protect their organizations against the very likely possibility of another attack happening.
This is also 2 side to this coin as, in my experience, business owners do not take the advice and recommendations that their IT Managers table before them.
As the cyber risk continues to increase, business owners and IT personal need to be brought to a place where they must be held accountable for any security breaches that may happen. The more these attacks are successful the more they will happen!
Here are 6 pragmatic steps to take to better manage the ransomeware risk:
- MAKE SURE ALL DEVICES ARE UP TO DATE! Considering this week’s attack exploited the same vulnerability as the previous worldwide attack did, this should be a no-brainer. Microsoft had already addressed this vulnerability.
- Businesses need to have plans and strategies in place to get the business up and running as quickly as possible in the case that they do get hit by Ransomware. If you are prepared to lose 1 hour of data in-case you get hit than you should be backing up every hour. Make sure business critical machines like server are continuously backed up and the backup is tested!
- All employers who are responsible for the recovery process must know exactly what to do in the event of a crisis. The less questions need to be asked the faster the work can get done and the business be up and running again.
- This point is solely the responsibility of the IT department; Asses the vulnerabilities on your network periodically. Stay informed about the latest threats and solutions to those threats, there firewalls with built in sandboxing techniques that are capable of stopping zero day old attacks.
- EDUCATION, EDUCATION EDUCATION: Every user on the network must be educated about how cyber-attacks are initiated, the most common method being phishing emails. Ignorance can no longer be an excuse.
Most Businesses have IT Policies in place that explain how employees should handle themselves on their devices while on the network, I recommend that Cyber-Hygiene practices be put in the IT policy so employees are aware.