Organisations need to invest in the latest IT systems to stay safe and secure
Global cyber-attack reinforces need for IT security
A cyber-attack using WannaCry ransomware, which hit organisations in 150 countries around the world including the National Health Service in the UK, reinforces the need to keep computer hardware and software as up to date as possible.
The software giant, Microsoft, said the attack should be treated by governments around the world as a “wake-up call”, and blamed them for storing data on software vulnerabilities which could then be accessed by hackers.
It says the latest attack exploited a flaw in its Windows operating system which was first identified by and then stolen from US intelligence. The virus took control of users’ files and demanded payments to restore access.
What can users do?
Microsoft said it had released a Windows security update in March to tackle the problem involved in the latest attack, but many users were yet to run it. The message from Microsoft was to ensure that all Windows updates were downloaded as soon as they were available.
The spread of the WannaCry ransomware attack was said to have affected more than 200,000 computers in various businesses around the world. It was not known how much money had been paid in ransoms to hackers to restore vital systems.
Who has been affected?
The problem has been truly global. Affected organisations and countries have included the Interior Ministry in Russia, where 1,000 computers were said to be infected; France, where Renault had to stop production at some of its factories; Spain, where telecoms and gas suppliers were hit; the UK, where 61 NHS organisations were disrupted; and the US, where delivery firm FedEx was affected by the virus.
What should businesses do to stay secure?
To protect themselves against the financial risks of a security breach or data loss, businesses should ensure that their IT manager is implementing the following measures, as advised by the Information Commissioner’s Office.
- All computers should have a firewall, anti-spyware and anti-virus software installed
- Operating systems need to be able to receive automatic updates
- Patches or security updates should be downloaded to cover vulnerabilities
- Employee internet access should be limited to sites they need to complete their job
- Employees should be advised not to share passwords.
With regard to sensitive data, businesses need to ensure that it is encrypted, backed up regularly and that the back-ups are stored at a separate secure location, which is a legal requirement.
To ensure data is protected at the end of a computer’s operating life, businesses should either destroy the individual hard drive or use specialist software to effectively ‘wipe’ the hard drive.
In addition to the preventative measures mentioned above, a business also needs to ensure that it is compliant with all industry-relevant regulators, standards and legislation, such as the Financial Conduct Authority (FCA), the Payment Card Industry Data Security Standard, ISO 27001, and the Data Protection Act 1998. Failure to comply could result in hefty fines.
Prevention is better than cure
If you believe your organisation needs to bolster its security and backup procedures to protect itself against current and future intrusions, then first you have to make sure you have the right tools for the job.
The hard fact is that failure to refresh IT hardware and software on a regular basis can have catastrophic consequences for companies of all sizes and sectors.
To avoid the potential hazards and the accompanying headaches, what is first required is an in-depth understanding of which applications are running on which platforms.
This must then be combined with a long-term investment strategy which will ensure that all IT functions are renewed or refreshed on a regular and ongoing basis.