What To Do When You Hear About A Cyber Attack
by Robert McNicholas on September, 27 2017
Ransomware, viruses, worms, and vulnerabilities are making the news more than ever. What can you do to keep your company safe?
In 2016-2017, we’ve lurched from cyber threat to cyber threat with almost monthly regularity. The latest example is WannaCry, which exploits a weakness in outdated versions of Microsoft Windows.
It doesn’t really matter if the attack is a system-melting virus, an information-stealing trojan, or a data-encrypting piece of ransomware. It’s scary enough to keep business owners up at night, wondering if their IT security is secure enough.
The hard truth is that no one is completely safe online. But we’re not all helplessly vulnerable, either. It’s like driving a car to work: there will always be a risk, but we have to do it. And there are ways to reduce the risks involved.
So, when you read about the latest cyberattack, don’t panic. Buckle up your seatbelt and get ready to take evasive action.
Before an Attack: Be Prepared
Your best cybersecurity plan is a golden oldie: Back up and update. This should be your mantra. Back up all your information (or at the very least, all your important information) in a safe place off your local network. This means either a secure cloud storage service (plenty of those around, including Google Drive) or a USB-based external hard drive. Ideally, you’ll have two backups, but that is another post. Also ideally, you’ve updated your backups daily, or at least weekly.
Next, all the operating systems on your network are up-to-date, right? While Windows is the usual target, malware for Apple, Android, and Linux is not unknown. Make sure that any device that has access to your secured office network is fully updated – this includes BYOD mobile devices.
Finally, institute a company-wide policy of basic cybersecurity awareness. You know the drill: don’t open emails if you don’t know the sender, and don’t download anything from unsecured, unknown, or questionable sources.
So now you’ve done some basic IT emergency preparedness. What do you do when you hear of the latest cyber threat?
Check Your Cyber Defenses
First of all, you need to know 1) what the threat is, 2) what is does, and 3) who it affects. In the case of WannaCry, the answers are:
It’s ransomware, or a program that “holds your computer hostage” by encrypting (locking) your files. You can get access back by paying ransom money.
If you don’t pay up, you lose your files. Unless, of course, you find a way to circumvent the malware.
Windows users and business networks are most affected, especially those running outdated or un-updated versions.
Since most businesses use Windows, everyone should have checked to see if they were secure against this type of threat. Microsoft released a patch for Windows 10 that fixed this vulnerability before WannaCry made the news, so updated Windows 10 environments were safe. Windows XP, 7, and 8 received separate patches later.
So the next move, in this case, was to see if your Windows-running computers and networks were updated. (This is easy enough to do using the Windows Update program. You can also use a third-party checker to determine if your system is vulnerable to specific attacks.)
Finally, in the face of any attack, I run a full system scan using a security program like Norton or Malwarebytes, or sometimes both. This gives an added sense of security. Like Windows, these programs need to be fully updated to be effective, but they can help users find and fix problems before they start.
If you have any concerns about your cybersecurity, talk to your IT partners at TECHSPERTS for advice. We can help you create a customized managed IT plan to take care of your needs.