Update IT infrastructure
“NotPetya and WannaCry campaigns have highlighted the need for small businesses, and everyone generally, to make sure that their computer systems are up-to-date, that they have the latest security patches applied,” Macpherson said.
“Like many attacks that are coming from hackers and scammers, they exploit known vulnerabilities and sometimes those vulnerabilities may be quite old.”
Lyons said he understood why some firms may have to run an older operating system, but it was important to make sure it was properly patched for security.
“If you’re going to maintain an older operating system then you have to be darn sure that it’s as safe as it possibly can.”
“A lot of those backup systems have automatic backups or automatic synchronisation and if you get hit by ransomware, depending on the type, you could find that your backup gets synchronised with the encrypted file.”
Security awareness was key, Macpherson said.
“Typical ransomware is delivered by phishing emails, the emails where people want you to click the link or attachment, and basically to infect your system yourself,” he said.
“Being wary of emails or sources you don’t know or odd subject lines with things you weren’t expecting, for instance those bogus emails that tell you you’ve missed a courier delivery from FedEx or DHL or whoever, when you weren’t expecting something.
“A recent one going around says, ‘Your Amazon order has been cancelled’, . . . don’t click those links unless you know they are from a trusted source.” have reliable recovery mechanisms.
“Sit down and look at your IT infrastructure . . . Think about what would happen if your data or application disappeared tomorrow, what would you do? How much would it impact your business? Would you carry on as normal?
“If something is important to your business then they have to be worth thinking about how you would get back up and running should you be attacked.”
He said businesses should be using recent examples of ransomware attacks to prompt planning in advance.
“When we hear stories like this, if we’re not affected it’s great, we all touch wood and say ‘ Phew, thank goodness that wasn’t me’, but we should be using them as a reminder to say, ‘It wasn’t me today, but what if it was me tomorrow’.”
Lyons said there was a significant underground economy in the production and distribution of ransomware.
“The idea that a hacker is a person sitting in a room doing this for amusement or vandalism might be part of it, but we have to be realistic and take into account the fact that this is a business . . . People are making money and t hey are motivated by the financial return.”