Ransomware – Could it be you?

Complacency has always been the enemy of safety; in today’s world, we are all vulnerable!

The digital (cyber) environment may sometimes be opaque and difficult to understand, but it is a contested environment. If we seek to operate within it, and exploit its advantages, we must actively engage or expect to become a victim.

As I write, a number of organisations worldwide are reeling under the hammer of what appears to be a thoroughly industrialised Cyber Attack. Many of these affected organisations have (or claim) a reputation for strong governance. There is no one reading this who doesn’t have actions that they should have taken or should be taking now.

Whilst it is tempting to view this sort of event as spectators, anyone reading this is unlikely to be invulnerable, whether we are part of an organisation or an individual. There are steps we should all be taking to reduce risk to ourselves or our organisations. We ignore these responsibilities at our peril.

Those who are responsible for the safety of organisations will have already taken actions to ensure that they are as safe as possible. This is part of baseline governance needed in today’s world and no organisation can claim to be competently run if it doesn’t have an effective Information or Cyber Security Management System. If you have one – you will probably know about it!

If you haven’t – then now is a good time to start – and if necessary get in touch with someone who can help you. (If you can’t think of anyone specific or are worried, www.srm-solutions.com is a good place to start!) There are a number of excellent schemes and established practices that you can use to raise the bar for attackers. If you have done nothing else yet – at least look at the Cyber Essentials Scheme as a first step.

If you don’t know who is responsible in your company – check – it could be you!

As individuals, however, we are still potential victims of attacks like this, but if we practise basic Cyber Hygiene we dramatically reduce the risks to ourselves and those around us.

Make sure our defences are strong:

Ensure our Anti Virus (even on a Mac!), firewalls and software are all up to date and switched on.
Scan our systems with Anti Virus, and do this regularly when attacks are going on.
Stay alert to any suspicious emails or messages, and don’t open anything suspicious. If someone sends you something suspicious, contact them separately to check it is legitimate.
Check that we are using difficult-to-guess passwords, and that we are not exposing the password protecting our “crown jewels” on untrusted internet sites or unprotected devices.
Check our bank and card statements – Regularly!
Think it through from an attacker’s perspective.

Make sure we are resilient:

Ensure our information is backed up and kept somewhere where it isn’t connected to the internet or our main system (e.g. a CD or a Backpack Drive).
Ensure we keep all backup data safe – and if possible encrypted. Ideally under lock and key.
Ensure that any critical information is held safely so that it will be available in the event that our main system is unavailable.

Make sure we know what to do if we are compromised:

Write down a simple plan – stick it on the fridge or the filing cabinet – somewhere we can find it!
Don’t pay ransoms – we shouldn’t need to!
Know who we are going to contact for further advice in an emergency.

Don’t Assume – Check that you are as safe as you think you are. Do this periodically and when the risk rises:

Check our Backups are being taken (and that your drive is not full). Check that we can restore them and that they are not corrupted.
Check that you can access your critical data and files if your main system is down.
If you don’t know how to do any of this – learn now – these are basic survival skills! If you have friends or family members who may not be able to do this – it may be worth contacting them to check they are not exposing themselves inadvertently.

Whether we are acting as individuals or are responsible for the safety of an organisation, this is no longer something for someone else to do – we all have a part to play, and must play it to the best of our ability.

Managing Director of SRM, Tom F is a regular contributor to the SRM blog.
