Last week we saw, if not the biggest, then one of the biggest cyber-attacks ever. What is impressive may not be the number of machines affected but the level of disruption caused in a single day.

The facts as they stand now are that 200,000 machines across 150 countries were infected by ransomware. Ransomware is a type of malware which encrypts your files, essentially locking you out of them until you pay the ransom. At that point you have two options: the first is to pay the ransom, although there are no guarantees; the second is to delete all the affected files and then rebuild from backups.

Based on the types of malware that you can read about and the damage they can cause, I would say this could have been far worse. With the international manhunt underway to find the people who did this, what lessons can we learn?

Microsoft has described this as a ‘Wake-Up call’ to governments around the world. As SMEs we have little power over Government policies, but there are things we can do to better protect our businesses. There are two common misconceptions regarding malware. The first is that if you have an Antivirus then you need not worry. The problem is that there are millions of new pieces of malware being released every month. Estimates from McAfee put it at 24,000,000 new Malware samples in Q4 of 2016. This means that Antivirus applications can’t possibly find every form of malware. The second misconception is that Macs do not suffer from Malware. Whilst the number of malicious applications for Mac is an order of magnitude less than that for PC, it is on the rise. In 2016 we saw an increase from 50,000 new samples in Q3 to over 300,000 in Q4.

For small businesses, I believe there needs to be a shift away from Cyber Security being an ‘IT issue’ for the IT team to being ingrained in the company as a whole, right from the very top, much in the same way that Health and Safety needs to be part of an organisation’s culture.

The key things businesses can do to protect themselves haven’t really changed in the light of this incident. We recommend businesses look at the following items on top of the usual Antivirus and Backups:

  • Replacing older equipment, especially machines running Windows XP
  • Vulnerability scanning and patching, not just for Windows but all applications
  • Have a password policy, and stick to it
  • Implement more detailed email filtering
  • Train your staff

The biggest risk by far in a small organisation is its team. Many users don’t know the risks around cyber security, and that makes them a vulnerability to you and your business. We offer monthly training sessions at our office on Cyber Awareness and can also produce bespoke training sessions for larger businesses that need something more tailored to the way they work.

Talk to us today about this and what more could be done to protect your business.