The malicious ransomware called “WannaCry” hit businesses large and small across the globe in 2017. With more than 200,000 systems infected in over 150 countries, this large scale virus affected schools, governments, businesses, and even forced emergency rooms to close.
“WannaCry” is a program targeting Microsoft Windows operating systems where hackers take control of a computer, lock it, and hold users’ data hostage with no way out until Bitcoin payment has been made. The Windows security defect was originally exploited by the NSA, but leaked earlier this year allowing hackers to use the flaw.
A recent IBM study estimates a 6,000% uptick in ransomware attacks. With ransomware attacks on the rise, the Internet Society (ISOC) found through a Global Survey on Internet Security & Trust that most people are ill equipped to deal with ransomware. Furthermore, researchers concluded that one in four people “have no idea” what to do if their computer is hit by a ransomware attack. In the United States, 63% of firms said that they have experienced a cyber incident in the past year and 47% stated that they had two or more, according to a cyber and technology expert at Hiscox USA. Cyber crime cost the global economy approximately $450 billion in 2016 alone.
As technology evolves, businesses are becoming more dependent on data-driven networks, giving cyber criminals the ability to virtually pick any business and hold their critical networks hostage. All businesses should take a proactive approach in protecting their systems. The following are some tips and first lines of defense recommended by cyber experts to help protect your business:
- Updates — Apply the latest Microsoft security patches to protect against the “WannaCry” attack; ensure critical software is updated, including mobile devices, as soon as new operating system versions are available.
- Regular online & offline system backups — These can be restored in cases of ransomware and will expedite the recovery process in the case of an attack.
- Enhanced passwords — Require long and unique passwords to protect against intrusions. Passwords should include at least eight characters, a combination of letters, numbers, and symbols.
- Strong authentication — Require multi-factor authentication to access accounts on critical networks to minimize risk of access through stolen or hacked credentials.
- Secure sites — When using unfamiliar websites, be sure the URL begins with "https." The "s" at the end indicates it is a secure site. If someone sends a link to click on, “hover” over it to check for URL validity.
- Be cautious about what you receive or read online — If it sounds too good to be true, it most likely is. If an email seems suspicious but is from a known person, call them to verify the legitimacy.
- Verify email requests — "Phishing" attacks will attempt to obtain personal information by posing as a trustworthy organization. Verify the legitimacy of the organization’s request by contacting the company by another means. Do not confirm with the contact information in the email as you could be misled by a hacker.
- Test your system — Run "penetration tests" against your network's security, at least once a year, as recommended by the Department of Homeland Security.
- Awareness — Educate everyone in the organization on identifying scams, malicious links, and emails that may contain viruses and what to do if they come across something suspicions.
- Explore Cyber Liability insurance — Talk to your insurance agent to see if you have coverage in the event of a cyber-attack.
The tips above can provide the first line of defense against a cyber-attack. Nevertheless, all businesses are vulnerable to a breach. A company can claim to have the best IT team with the newest and most up-to-date software to combat being hacked, but if a cyber-criminal wants to gain access to a network, they will eventually find a way. We continue to see evidence of this on a daily basis in the news. A Cyber Liability policy can protect your business from having to close its doors after a costly breach. Polices can provide coverage for a cyber extortion incident, computer & funds transfer fraud, business interruption expenses, and much more. Please contact your Hausmann-Johnson Insurance agent to learn more about Cyber Liability coverage.
If you'd like to learn more about how to protect your business, register for our IT Security Webinar.