The recent WannaCry ransomware attacks have pushed cybersecurity to the forefront of people’s and organisation’s awareness and concerns, again.
For many of us who weren’t affected it sounds like an inconvenience, but also like one of those things that impact other people. If our world were not as connected as it is that would probably be true, but in our hyper-connected world what affects me contaminates you too.
I was working in Saudi Arabia when the Shamoon cyber attack was launched against Saudi Aramco. In one attack 35,000 computers in the largest company in Saudi Arabia – that manages the oil upon which the country depends – had their hard drives destroyed. Overnight every large organisation in the Kingdom battened down their cyber hatches and for weeks doing any type of online work was a nightmare. With 200,000 companies, and tens of millions of computers and servers, around the world affected by WannaCry the potential economic and business consequences are significantly more substantial.
What we need to realise is that our cyber presence is just as susceptible to criminality and “virtual violence” as our physical presence is. Just as we take precautions in the physical world we need to take them in the cyberworld….. and, just as we accept the possibility of being victims in the physical world regardless of our security awareness, we need to accept the same in the cyber.
It is also important that we avoid the paralysis of paranoia. In the real world it is possible to become so preoccupied with the potential of criminal victimisation that we stop living life, or have the joy robbed out of it (becoming de facto victims without a criminal even doing anything). As our digital identity and presence becomes an increasingly significant part of our life we need to do what we can, but not become so stressed that digital security makes our cyber activity so burdensome it undermines any benefits our life may enjoy.
Some practical things to do.
I’m going to assume that you have virus scan software installed and keep it up to date and run it regularly.
I’m also assuming that you don’t visit dodgy websites that ask you to enter your admin password to install suspicious software…. and if you visit the sites you don’t install the software.
My final assumption is that you are circumspect in the way you manage attachments and downloads through your virtual communication channels.
With these assumptions in place…..
Be up to date with your updates. Most machines that are infected with viruses and malware have it happen because the users haven’t executed the regular patches and updates sent by software developers. There is a caveat here…. unfortunately, the patches aren’t always stable or may disrupt other applications that no longer work after an update. This is one of the reasons so many NHS services in the UK were vulnerable to WannaCry. In these cases it becomes a risk management exercise. Should you choose not to install a patch or update, put other processes in place to mitigate the exposure and offset the infection risk.
Do multiple back ups. By this I’m not only talking about regular back ups to the same place or device. Have backups on more than one device. It is even advisable to stagger backups across the devices. That way if one back up device is compromised by an attack or infection there is another that is only one version older than the most recent, which more than likely has not been compromised.
Manage your backups smartly. Cyber security experts speak of the most safe devices as being “air gapped”. This means that they are never connected to the internet or a device that is connected to the internet. This way they cannot be accessed externally and hacked or infected. For most of us this is not a a practical possibility. But, we can pseudo-airgap our backups. It is convenient to have our backups connected to our network where they are updated automatically according to a schedule. We should, however, have at least one back up device that is plugged in for a back up, and then unplugged when it is completed. This minimises its exposure to the internet and network and mitigates any potential issues. Graeme Codrington, one of our team members, goes one step further and has one of his back up drives stored away from his home and office in another city. That way if there is every a geographic issue, or “act of God” that impacts his back ups he always has a version he can get in an emergency.
Change to a new operating system. While Linux, and Apple’s Mac OSX and iOS are beginning to experience targeted attacks the reality is that Microsoft’s Window’s and Google’s Android operating systems tend to be targeted more frequently, and more effectively. If you have to use these more exposed operating systems make sure that you are using the most recent versions. The WannaCry infection was significantly accelerated by the number of computers still using the Windows XP operating system. What was a security gap in the code of Windows 10 was a hole that a bus could drive through in Windows XP. Despite the fact that Microsoft stopped supporting XP in 2014, they released a security update for it to deal with WannaCry…. but, there is no guarantee that they will next time. And, they are definitely not focused on the multiple other botnet, virus, trojan horse, and malware antagonists that already target old operation system vulnerabilities.
The final piece of practical advice is to turn off, and disconnect your computer when you aren’t using it. Bonnets and other malware co-opt the dormant processing power of our machines to link them into vast globally distributed super computer networks that drive spam and other darknet services. It is also during these times when we aren’t watching what is happening on our machines that infection activity runs untracked. Turn your computer off and unplug it from the net, and nothing can happen….
There are no guarantees that any digital device user will be immune from attack, infection, or cyber compromise, but simple logical actions in our cyber awareness – just like in our physical world awareness – can mitigate our chances of becoming the next victims.
We dig deeper into this topic in the Future of Work Academy in the month of May where Graeme has provided our members with an even more in-depth cheat sheet on how to protect yourself online.
The Future of Work Academy is our teams contribution to equip our clients with access to content that has been developed to help you become future fit. Each month our team provides our members with the practical resources required to successfully adapt and acquire the skills needed for success in the Future World of Work. For more information on the Future of Work Academy please visit www.thefutureofworkacademy.com where you can sign up to be a member of the academy.