Following the recent spate of high profile ransomware attacks (read about WannaCry here), we wanted to reiterate that there are simple steps to minimise the likelihood of such attacks affecting your organisation.
Please raise awareness within your organisation of what all staff and volunteers should be looking out for.
1. Everyone needs to be vigilant
Ransomware usually starts from a malicious email or website, so always think before opening attachments in an email or clicking links or downloads from a website.
Today’s criminals have come a long way from the poorly spelt and presented emails that were sent previously and are taking time to craft emails that are virtually indistinguishable from genuine ones.
- Am I expecting the attachment?
- Do I recognise the email address - not just the name displayed but the actual email address that sent it?
Take a look at this screenshot put together by Co-operative Systems showing you how to spot a rogue email.
2. Ensure you are up to date with updates & patches (and not using obsolete operating systems)
You will have read in connection to the NHS attacks about the risks of using out-of-support software.
This currently includes Windows XP (which has been at 'end of life' since early 2014), Windows Vista and Windows 8 (not yet Windows 8.1).
You should also check your firewall and anti virus subscriptions are renewed and latest updates installed. Be aware that Office 2007 will be no longer be supported from 10th October 2017.
3. Check your backups
Fundamental to IT security is a robust back up system in place to guard against loss of data. If you have good effective backups in place, this will enable a fast restore to a pre-infected state should you be attacked.
It's important to check your backup solution is working on a regular basis so you can be confident there is as little as possible disruption to business continuity should you need to restore your data from it.
You might be using online services, or tapes / external hard drives, generated with or without backup software. Check that these are saving properly and that you would be able to restore from them if necessary. If there is an error message, always take action to resolve any issues before it's too late.
If you are using online file storage check details with your provider. We recently found out that the personal version of Dropbox only allows you to restore a file going back 30 days. However there is an option to extend this period.
If you are concerened about your small charity's online security and do not currently have an IT support provider in place, please get in touch with our team.