Is Your Financial Firm at Risk?
Imagine turning on your computer and discovering that all your information is being held hostage. That’s exactly what happened to over 300,000 computers in 150 countries starting last Friday. The global WannaCry “ransomware” cyber attack affected organizations like Britain’s National Health Service, FedEx, Renault and others, including governments.
This attack highlighted the vulnerabilities in cybersecurity. Although software security is continuously being updated, malicious hackers are constantly evolving how they target computers online, meaning that you need to stay on high alert in order to be protected.
What is a Ransomware Attack?
Think of ransomware as malicious software that holds your computer hostage until you pay a sum of money, or else it will destroy your files. Ransomware targets files such as spreadsheets or presentations, encrypts them, and demands payments of hundreds of dollars in order to save your documents.
But how did this virus even get into computers in the first place? The organization behind the attack last week, WannaCry, discovered a vulnerability in Microsoft’s operating systems. For those of you who have recently updated your version of Windows, you’re probably OK. But if you haven’t updated your Windows software in a while, you’re at risk.
It will be extremely difficult, if not impossible, to recover the files of any business targeted in this attack.
Protecting Your Financial Firm
The first step in preventing a ransomware attack is making sure your operating system is up to date. You can activate automatic updates so that your business always has the latest protection technology. In addition, your business should be constantly installing security patches when they are released. In the case of the most recent attack by WannaCry, Microsoft actually sent out a patch for the vulnerability in March, but the update was offered quietly without a sense of urgency. Whatever Microsoft’s reasons for releasing the patch quietly, the fact remains that it’s hard to know whether an update will be critical to your cybersecurity or just a minor new feature.
Secondly, ensure that you have backup versions of your files in offline storage or on a cloud storage service. CBC technology writer Matthew Braga advises having a backup of files because, “if you have a backup then this whole thing is moot. You just wipe your computer, restore your backup, and it’s fine.”
Next, evaluate how your firm handles phishing attacks (emails that include an attachment containing malware that, when clicked on, infects your computer). Educate and train employees on how to handle cyber-threats. A great tactic is to test how prepared your employees are by sending out fake phishing emails and seeing how many employees click on them. By analyzing the results of this test, you can quantify how vulnerable your firm is to a cyberattack. Strategize what a worst-case cyberattack scenario would be and how you would handle it.
What to Do If You Become a Victim of a Ransomware Attack
There’s some debate over whether you should pay in a ransomware attack. Many organizations that have paid have never had their files released, and others that waited it out eventually recovered their files without paying.
If you are a victim of a ransomware attack, contact your region’s cybercrime unit. Depending on your circumstances and the nature of the attack, you may choose to either wait out the ransom or pay it. Remember, there is no guarantee that your files will be recovered if you pay.
Who’s to blame for WannaCry?
IT professionals are constantly on the lookout to keep software protection and operating systems up to date. But as technology gets older, the level of support from companies like Microsoft decreases, which creates the opportunity for vulnerability. The issue is that a majority of companies still use the technology, despite it getting older. In 2014 Microsoft announced that it would discontinue support for XP, even though many US gas and electric utility companies reported using XP. This incited fears that power grids and water supplies could be targeted in a cyberattack.
President and chief legal officer for Microsoft, Brad Smith, stated that, “the governments of the world should treat this attack as a wake-up call, they need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world.”
To build on Smith’s point, the blame should not be placed directly on Microsoft. As a business professional, you should be treating your technology security with the utmost importance by ensuring that your operating systems are always up to date, and that you’re prepared if a cyberattack targets your firm.