Still stuck with Windows 7 ?
If you are stuck still running Win 7 for whatever reason, your vulnerability to Cyber attack will increase steadily, as new flaws in the unsupported software are exposed. If you can’t upgrade to Win 10, then the following options are recommended.
1. Disconnect PCs totally from the internet if possible.
2. Limit internet use to minimum
3. Do not use these PCs for E mail
4. Do not store any sensitive data on these PCs
5. Isolate from Networks if possible
6. It is possible to install Linux (Which is supported) to your PC and still run Win 7 alongside it
Windows 10 Vulnerability
It is widely been reported that vulnerabilities in Win 10 have been exposed – however Microsoft have issued updates to resolve the issue. Ensure that all your devices have had the recent updates applied.
Do you rely on staff to allow or initiate updates as they come through ?? Do they do this on receipt or are your devices left exposed unnecessarily ?? Time to initiate automated updates which staff can’t delay ?
Travelex suffer devastating Ransomware attack – Lessons ?
On New Years Eve , Travelex systems across many parts of its operations were shut down having fallen prey to a Ransomware attack. Many of its customers were left unable to collect their currency and their staff had to resort to paper and pens ! Some weeks later they were still struggling to get systems back online – devastating for all concerned & the reputation of this high profile business.
Reportedly, the attackers were able to utilise some known vulnerabilities which the business had not addressed over a period of time; despite warnings. The hackers have also made claims to having downloaded personal data of Travelex customers , which would clearly escalate an already serious breach; however the ICO stated that they had not been informed of a breach. The hackers are demanding £4.6M to unlock files and not release the stolen data they claim to hold.
So what can we learn ?
- Do not delay installing critical updates / patches – the potential cost of any associated downtime to do it; will be peanuts compared to the loss of systems left exposed.
- Ransomware attacks in the UK are snowballing monthly and therefore business has to be prepared for them.
- Ensure all your data is backed up and back ups are readily accessible.
- Develop a planned strategy (BC Plans) on how you would purge your systems of Ransomware and re-install your back up data and the resources needed to do this.
- Determine how long your recovery could take and what alternative working arrangements could be implemented as part of your continuity planning.
- Test your continuity plans regularly, to ensure their effectiveness and are understood by your staff.
- If you are unsure if a breach has occurred, it would be better to inform the ICO yourself within the 72Hr deadline; than them finding out via the media !
Should you pay a ransom demand ?
Don’t allow yourself to get into the position of having to consider it. Effective continuity planning will negate the need to pay them.
If you pay the Hackers there is no guarantee you’ll get all your data unlocked – at the end of the day these people are criminals, fair play doesn’t come into it !!