A cyber-attack using WannaCry ransomware, which hit organisations in 150 countries around the world including the National Health Service in the UK, reinforces the need to keep computer hardware and software as up to date as possible.
Software giant, Microsoft, said the attack should be treated by governments around the world as a “wake-up call”, and blamed them for storing data on software vulnerabilities which could then be accessed by hackers.
It says the latest attack exploited a flaw in its Windows operating system which was first identified by, and then stolen from, US intelligence. The virus took control of users’ files and demanded payments to restore access.
What can users do?
Microsoft said it had released a Windows security update in March to tackle the problem involved in the latest attack, but many users were yet to run it. The message from Microsoft was to ensure that all Windows updates were downloaded as soon as they were available.
The spread of the WannaCry ransomware attack was said to have affected more than 200,000 computers in various businesses around the world. It was not known how much money had been paid in ransoms to hackers to restore vital systems.
Who has been affected?
The problem has been truly global. Affected organisations and countries have included the Interior Ministry in Russia, where 1,000 computers were said to be infected; France where Renault had to stop production at some of its factories; Spain where telecoms and gas suppliers were hit; the NHS in the UK where 61 organisations were disrupted; and in the US, where delivery firm FedEx was affected by the virus.
What should businesses do to stay secure?
To protect your organisation against the financial risks of a security breach or data loss, businesses should ensure that their IT manager is implementing the following measures, as advised by the Information Commissioner’s Office.
- All computers should have a firewall, spyware and anti-virus software installed
- Operating systems need to be able to receive automatic updates
- Patches or security updates should be downloaded to cover vulnerabilities
- Employee internet access should be limited to sites they need to complete their job
- Employees should be advised not to share passwords.
With regards to sensitive data, businesses need to ensure that it is encrypted, backed-up regularly and that the back-ups are stored at a separate secure location, which is a legal requirement.
To ensure data is protected at the end of a computer’s operating life, businesses should either destroy the individual hard drive or use specialist software to effectively ‘wipe’ the hard drive.
In addition to the preventative measures mentioned above, a business also needs to ensure that it is compliant with all industry-relevant data regulatory bodies, such as the Financial Conduct Authority (FCA), the Payment Card Industry Data Security Standard, ISO 27001, and the Data Protection Act 1998. Failure to comply could result in hefty fines.
Prevention is better than cure
If you believe your organisation needs to bolster its security and back-up procedures to protect itself against the current and any future intrusion, then first you have to make sure you have the right tools for the job.
The hard facts are that failure to refresh IT hardware and software on a regular basis can result in catastrophic consequences for companies of all sizes and sectors.
To avoid the potential hazards and the accompanying headaches, what is first required is an in-depth understanding of which applications are running on which platforms.
This must then be combined with a long-term investment strategy which will ensure that all IT functions are renewed or refreshed on a regular and on-going basis.
What is the best means of investing?
Businesses wishing to invest in new IT assets can do so in a variety of ways, and increasing numbers of firms are turning to asset finance as a means to acquire the technology they need.
Asset finance delivers the very latest technology at the lowest possible entry cost, enabling companies to keep up with changes and ensure their IT systems are always operating at peak performance.
Independent finance providers, like Maxxia, are expert at providing the appropriate funding for a whole series of asset classes, including IT equipment, new vehicles, plant and machinery, agricultural machinery – and many more.
At Maxxia, we are not security specialists but we can give your organisation risk-free access to the latest security solutions without the initial capital expenditure.
As an industry-leading asset finance company, we can help you source the best technology and also create manageable monthly payments. When you need to upgrade your equipment, we’ll simply remove the old tools and provide you with the latest versions on a new lease.
The result is that your company can be protected against the latest security threats and comply with even the strictest regulatory bodies – all without a large investment, tying up capital or the need to worry about residual asset value.
If you would like to find out more about the IT finance options available at Maxxia, then please get in touch. We have also provided a handy guide to IT security which can be downloaded here http://info.maxxia.co.uk/itsecurity