Don't Wanna Cry? Remove the Target on Your Back.
Computer Security Tips for Small Business Owners
For the last few days the world has been dealing with the aftermath of the latest iteration of ransomware, called WannaCrypt and also known by its nickname WannaCry (and believe me, you do Wanna Cry if you get hit by this nasty thing). It's become another not-so-subtle reminder that we, as small business owners, need to do everything we can to protect the computer systems which provide access to the important data we count on every day.
So how exactly do you protect yourself from these kinds of attacks? How can you reduce the size of the target your systems present to would-be hackers? Here are a few steps you can take to reduce the likelihood of getting hit.
Run Current Operating Systems
The WannaCrypt ransomware demonstrated that running old versions of Windows is a bad idea. Microsoft ended support for Windows XP on April 8, 2014 after a 12-year life cycle. Computer users need to understand that software manufacturers cannot be expected to support old products in perpetuity. If you are still using Windows XP, consider replacing it immediately if you want to enjoy safe computing.
Keep your computer systems patched! This is the boring bit that many of us like to skip. Those reminders come up at the most inopportune times and you tell your computer that for sure you will do it later. :) But later never seems to happen, months go by, and before you know it your system is way out of date.
Employ Good Anti-virus Software
Employ a good-quality anti-virus (AV) software system. Not all AV is created equal, so it is worth doing a bit of homework to see which brands are currently the best, as their effectiveness can change from year to year.
Clean Up Your Email
If you have an effective anti-SPAM system in place, many of the emails that deliver ransomware misery will be captured before they get to your inbox. In our experience most of these kinds of attacks are triggered when an unsuspecting staff member clicks on a link in the SPAM email, which in effect is an invitation to the attacker to install their software on that computer.
Educate Your Staff
The previous point leads us to this: help your staff members understand what to look for when going through their inbox or browsing websites. Here is a safety checklist:
- I know the sender of this email
- It makes sense that this was sent to me
- The attached link or PDF is something I can verify is safe
- The email doesn’t threaten to close my accounts or cancel my cards if I don’t provide information
- This email is from someone I trust, it doesn’t just look like someone I trust
- Nothing seems “off” about this email, its contents or sender
Now we'll discuss setting up a last line of defence in case the previous steps did not stop the ransomware attack from taking place. Ultimately, if you find yourself at a point where you are looking to recover from an attack, you are going to need a bulletproof disaster recovery plan. The best business disaster recovery (BDR) systems employ a backup that runs throughout the business day so that your backups are never more than an hour old. The backups need to be stored in more than one location, so they should automatically be synchronized to offsite data centres. Then, when you need to recover data, the backups should be easily accessible so you are able to get the data back quickly and easily.
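The two targets above (backups no more than an hour old, held in more than one location) can be checked automatically. The following is an added example, not part of the original article or any vendor's product; the folder names are hypothetical, and it assumes each backup location is a folder whose newest file's modification time marks the last successful backup.

```python
import os
import tempfile
import time

MAX_AGE_SECONDS = 3600   # the article's target: backups never more than an hour old
MIN_LOCATIONS = 2        # the article's target: stored in more than one location

def newest_backup_age(location, now):
    """Return the age in seconds of the newest file under location, or None if none exists."""
    newest = None
    for root, _dirs, files in os.walk(location):
        for name in files:
            mtime = os.path.getmtime(os.path.join(root, name))
            if newest is None or mtime > newest:
                newest = mtime
    return None if newest is None else now - newest

def check_backups(locations, now=None, max_age=MAX_AGE_SECONDS):
    """Return (ok, report); ok is True only if at least MIN_LOCATIONS hold a fresh copy."""
    now = time.time() if now is None else now
    report = {}
    for loc in locations:
        age = newest_backup_age(loc, now)
        if age is None:
            report[loc] = "MISSING"   # empty or unreachable location
        else:
            report[loc] = "STALE" if age > max_age else "FRESH"
    fresh = sum(1 for status in report.values() if status == "FRESH")
    return fresh >= MIN_LOCATIONS, report

def demo(offsite_age=3 * 3600):
    """Constructed sample: fresh local copy, offsite copy of a given age, one empty location."""
    now = time.time()
    with tempfile.TemporaryDirectory() as base:
        local, offsite, empty = (os.path.join(base, d) for d in ("local", "offsite", "empty"))
        for d in (local, offsite, empty):
            os.mkdir(d)
        for folder, age in ((local, 600), (offsite, offsite_age)):
            path = os.path.join(folder, "backup.img")   # hypothetical file name
            with open(path, "wb") as fh:
                fh.write(b"constructed sample data")
            os.utime(path, (now - age, now - age))      # backdate the file
        return check_backups([local, offsite, empty], now=now)

if __name__ == "__main__":
    print(demo())   # offsite copy is three hours old, so the check fails
```

A fresh timestamp only shows that a backup ran; it does not show that the data can be restored, so periodic test restores are still needed.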
At Gennix Consulting we provide all of the technologies and training mentioned here to best protect our clients from these attacks. We have had new prospective clients contact us for help in recovering from these types of attacks and after a successful recovery (without having to pay the ransomer) we have gained the trust of these business owners and they have come on-board as clients. So if you think we can be of assistance to your company please don't hesitate to reach out.