Leading IT specialist Cornerstone Business Solutions has warned that hundreds of Teesside organisations could be leaving themselves wide open to cyber-attacks similar to the one that paralysed NHS systems over the weekend. Their managing director Chris Petty has issued the following advice for organisations to follow to help protect their IT security…
A number of hospital trusts are still suffering ongoing disruption following last Friday’s ransomware virus that is believed to have affected 200,000 machines in 150 countries.
But Teesside organisations would be making a big mistake to believe the danger had now passed.
We don’t want to spread any unnecessary alarm, but it’s very possible that hundreds, maybe even thousands of North-East firms are leaving themselves wide open to cyber-attack, especially smaller businesses.
Although it has only hit the headlines following the attack on the NHS at the end of last week, this particular ransomware has been around for a while – and it’s fair to assume it’s not about to disappear.
Cyber-attacks are a real and present danger. We know of several local organisations that have been the subject of this particular ransomware in the past.
It’s crazy for an organisation with the size and importance of the NHS to have had systems running on Windows XP. Microsoft ceased to support XP a couple of years ago, which means there have been no security updates.
Like any organisation running an out-of-date system, the NHS was leaving itself wide open to a cyber-attack. Quite frankly, they have been relying on a system that I wouldn’t recommend to my grandma.
Anyone who is still on XP should be looking to urgently update. It’s crazy to have kit of that age. IT equipment typically has a three-year lifespan, though most organisations probably wait five years to update their kit.
Of course, everyone thinks ‘it won’t happen to me’, but I’ve seen a grown man cry after losing all of his data from his PC. He basically ran his entire business from his computer so he lost everything because he had failed to carry out regular backups.
Ultimately, though, there is no need to panic. The most sensible thing for everyone to consider is to avoid opening emails if they are in any way suspicious of their contents or the sender. Simply delete it completely.
Here’s our advice for organisations to follow to help protect their IT security:
Backing up your data on a daily basis is the most important action. This will mean that even the worst case scenario means losing only a day’s data. Business that do carry out daily backups should also check that the backup is working as it should, paying particular attention to any notifications they receive. An offsite backup solution is safest.
All businesses and individuals should ensure that their antivirus is up-to-date and enabled. Antivirus should be installed on every server, PC, laptop and tablet within a network. If you have machines that have not been used for a while, check to make sure they have the required protection before connecting them to your networks. Don’t rely on free antivirus protection. This may provide some protection but it is not enough. It’s the equivalent of having a house alarm that only protects your back door.
Malware is software specifically designed to disrupt, damage or gain access to a computer system.
Some Antivirus products claim to offer Malware protection as well as Antivirus Protection. There is no product on the market that can rightly claim this, so a product specifically designed to protect against Malware is recommended, in addition to a recognised and up-to-date Antivirus product.
All staff should reset their passwords immediately and ensure that the new password includes: i) At least eight characters, ii) At least one uppercase, iii) One number and one special character.
Ensure your machines are fully up-to-date with Windows Updates. If you haven’t checked or updated your machine for a while then do it now. Windows XP and Windows 2003 Server are no longer supported by Microsoft and are therefore vulnerable. Disconnect Windows XP PCs or laptops from your network.
Don’t open any emails that you are suspicious of. If you don’t recognise the sender then delete these emails immediately by pressing and holding the “shift” key and pressing delete. This will permanently delete the email instead of sending it to your deleted items. NEVER click on any hyperlinks in emails unless you are 100% sure of their source.
Cornerstone Business Solutions