At Awecomm, we have been talking a lot lately about protecting sensitive data. We have had a few recent blog articles and hosted a great event at the DAC helping business executives understand the importance of protecting sensitive business data for their own company and their clients. The recent outbreak of the WannaCry Ransomware is a great example of how, by just following some basic IT standards, your company would be protected, and you would probably sleep a lot better knowing your critical data is safe.
Every time there is news of a big data breach or new malware that is infecting PCs around the world, I question why businesses are so vulnerable. Do they not care? Do they not think they are a target? Do they not understand the impact? Maybe they just do not know what to do to be protected. Maybe they are “hoping” their IT team has it covered. What I will tell you is, your business is a target. In fact, your business is the target. Most of these attacks are aimed at small-medium businesses; we just hear about the ones that make the news headlines. I think too often business leaders take the stance, “it won’t happen to me,” or at least they are hoping it won’t happen to their business.
“Hope” Will Not Keep Your Data Safe
WannaCry takes a pretty simple approach. It infects PCs because a user opens a malicious attachment or clicks a link that ends up downloading the ransomware on their PC. From there, it spreads to any other connected PCs that have not been updated with the latest Microsoft security patches. The infected machines have all their data encrypted, and the data can only be decrypted by paying a ransom. We have complete checklists of best practices for protecting data, but in the case of the WannaCry ransomware, you only need to be doing a few. Here are some that will significantly reduce your risk:
- Automatic Windows Updates – Turn on Microsoft automatic updates so your PCs are always up to date with the latest patches.
- Anti-Virus – Be sure that anti-virus software is installed and regularly updated on every PC.
- Spam – Have a good spam filter for your email to prevent the malicious email from arriving in the first place.
- Advanced Email Threat Protection – Systems that convert Office files, which can contain malicious code, to PDFs and pre-scan any links within the body of an email provide another powerful layer of protection.
- Backup – Always have your data backed up and know that it can be restored if it is lost, stolen, or in this case, encrypted by WannaCry ransomware.
If you are interested in receiving a complete checklist of our best practices about keeping your data safe, just email us at firstname.lastname@example.org and we will send you the checklist.
Security Tips for Users
If you are following best practices, you can be comfortable knowing that company systems and data are being protected. However, hackers are always trying to find new ways in the door. Here are a few security tips for end-users to further help prevent a data breach within your organization:
- Never open email attachments from unknown senders or with suspicious messages in the email (an email could look like it is from someone you know, but that may not be the case).
- Never click links in emails that are not from known senders or with suspicious messages in the email (see the first tip above).
- Don’t insert a USB drive into your PC unless you know it is safe. These devices may contain malicious code that would harm or infect your PC.
- Complete workstation updates on your PC in a timely manner (don’t delay the reboot too long when an update is waiting to be completed).
- Report suspicious emails or requests to IT personnel. They can help evaluate and prevent a major incident.
If you are not following best practices, you have a few options from here. You can continue to ignore it and hope for the best, or you can have a business conversation with your IT team around the impact of a data breach or infection from the WannaCry ransomware. Talk about how that would impact the business and trust with clients. Identify the most sensitive data and ask how it is being protected. Use our best practices checklist as a guide and keep pushing until you are comfortable that your business is protected.