We’ve talked about cyber security before on this blog, and even written about protecting your small business from cyber attacks. But each new cyber attack is an opportunity to learn what steps to take to keep your data and your business safe.
What you need to know about the latest mass cyber attack
- Beginning on May 12th, a new piece of malware began infecting Windows computers globally.
- This computer virus was likely released through a phishing attack, which tricks people into downloading a file from an unidentified email.
- This malware, nicknamed “WannaCry,” is a ransomware computer worm.
- Ransomware is a type of computer virus that encrypts your files and then threatens to delete them unless you pay some amount of money.
- Computer worms are a type of virus that can spread via your computer network.
- The virus exploits a vulnerability that Microsoft released a fix for in previous months. The affected computers are either several years old or haven’t been updated recently.
- WannaCry not only encrypts the files on the computer, but also installs a new “backdoor,” making infected computers more vulnerable to hacking in the future.
- Even if a computer and its files are restored, this backdoor will need to be removed to prevent a future data breach.
- Approximately 200,000 computers in 150 different countries have been infected.
- By May 18th, over $80,000 USD in extorted funds had been paid by individuals to the hackers for release of encrypted files.
What WannaCry teaches businesses about cyber attacks
Lesson 1: Don’t keep business computers for more than a few years.
Computers running Windows XP and earlier operating systems were especially vulnerable to this ransomware attack. Microsoft stopped releasing updates for Windows XP back in 2014, so any computer running it is a liability.
Lesson 2: Data you have in only one place is data you don’t care about losing.
In short: back up your hard drives and files regularly. Whether it’s with external hard drives, flash drives, cloud storage, or all of the above, having a copy of your data safely tucked away is the best way to avoid losing anything.
Lesson 3: Set your computers to automatically update, and invest in antivirus software.
Those constant reminders to update your system can be very annoying, but losing all of your personal files is far, far worse. Most computers can install updates before they shut down, so automatic updates aren’t as inconvenient as you’d think. Most antivirus software will remind you to update in order to keep your computer as safe as possible.
Lesson 4: Practice safe email and web browsing, and keep an IT person at hand if possible.
If someone really needs to contact your business about something important, and you have not already communicated via email before, they will call. Government agencies will call, and serious business people will call. Any supposedly urgent mystery email that appears out of the blue should be considered very suspicious, and if you’ve got an IT person, let them look it over carefully before any clicks are made.
Lesson 5: Cyber attacks hit everyone, so prepare for the worst.
The number of small businesses hit by cyber attacks and data breaches each year is increasing. There is no business or computer too small or insignificant to target.
Cyber crime is going small-time to make money
WannaCry’s first round of extortion on infected computers starts at roughly $300 USD. The attackers want it to be affordable to decrypt your files, so that people will consider paying. By targeting hundreds of thousands of computers for small sums, the people who released WannaCry can make millions from small businesses and personal savings.
But paying the ransom is obviously not a viable solution. It’s extortion. Not to mention, these criminals have left a backdoor behind to take advantage of you again at any time.
Even if you know how best to avoid these viruses, if one person in the office makes a mistake, the “worm” can spread to everyone’s computer. That’s why having a cyber liability policy with data breach coverage is a must. No business expects its computers to be hacked, just like no business expects its building to burn down. But when it happens, either you’re covered and can recoup much of what you lost, or (in all likelihood) you lose the business completely.
Talk to trusted IT and insurance experts as soon as possible to determine your risk for cyber attack and data breach, and what kind of premium you could expect for appropriate coverage.