A patch in time...
News

A patch in time...

May 15 2017

The high public profile that the NHS computer system crash received should serve as the wake up call for anybody not yet aware that 'it could happen to you'.  This was not an attack targeted on the NHS specifically.  Rather it was an opportunistic attack, spread by fake emails, that took advantage of a known gap in Microsoft coding.

Follow our 6 tips to help ensure that you continue to work virus free

 

1. Ensure you are using reputable and up-to-date antivirus software

This is your single best defence against attack - but can never be 100% relied on, which is why the other steps, including staff-education are so critical.  It only takes one rogue email to be clicked to bring down an entire system!

 

2. Maintain an up-to-date, independent back-up

This is not just a cyber security point, but relates equally to other forms of business continuity issue.  A robust, regularly updated back-up of systems and data is at the heart of modern businesses' business continuity plans.  And it should be tested at intervals too.

Keeping the back-up independent from your other systems helps ensure that it will not be impacted by any virus attack.  Check with your current IT provider what your back-up arrangements are.

 

3. Always apply software updates at the earliest opportunity

The best protection against the 'Wannacry' virus, and others like it, that exploit known vulnerabilities in software, is for you to ensure that your software is properly up-to-date.

Activate automatic updates in the software, or, alternatively, when an update is flagged, install it immediately.  Microsoft, on becoming aware of the vulnerability rapidly issued a 'software patch' which provided essential protection against this particular type of attack.   If you have installed all relevant updates, you are unlikely to be impacted by this particular virus.

 

4. Ensure you are using up-to-date supported software

Microsoft have stopped supporting older systems such as Windows XP.  This means that they do not issue 'patches' or other updates to protect against new threats or newly discovered vulnerabilities.

If you are using Windows XP - you are at high risk, and antivirus software will not protect you from many risks. 

Speak to your IT provider today about upgrading to the latest version.

 

5. Check your internet browser

Your internet browser is another form of software, and needs to be kept up-to-date.  Many firms are still using Internet Explorer 8, which is no longer secure.

Check your browser now by visiting www.whatsmybrowser.orgThis will immediately show you what browser you are using.  If it is Internet Explorer 8, update it to the latest version now. If you are using other browsers (Chrome, Firefox, Safari etc) you should similarly ensure that you are using a current version.  A quick search on the internet will confirm this.

And the same message applies - set your browser to update automatically, or otherwise ensure that you are installing essential updates as soon as possible.

 

6. Ensure that ALL your staff are made aware of the risk of 'phishing' emails - today

The aptly-named 'wannacry' virus that sent the NHS into meltdown is spread by fake emails.  The emails have typically appeared as invoices, job offers, and security alerts.

If one person in your firm clicks on one of these messages, it risks the whole firm being affected.

While it is not possible to identify all phishing emails, each member of staff is still a vital line in your defence. 

Please ensure that all staff are particularly aware of the risk of fake invoices, job offers, security alerts and the like.

The message just now has to be, if in doubt - do not open.  Set emails into preview view to help reduce the risk.

 

Further Guidance

Look out for Lockton's phishing awareness training, which will be released this summer. 

Meantime, you can download information on the Governement's 10-steps to cyber security, and their report on small businesses and cyber risks, using the links on the right.

If you have any questions or concerns about how best to implement any of this advice, contact me.

To Contact Us By Phone

Our Master Policy Switchboard is available 9am - 5pm, Monday - Friday (except for public holidays, when we are closed). Master Policy Switchboard: 0131 345 5599