Last week, the ransomware WannaCry wormed its way into 200,000 computers in at least 150 countries, effectively shutting users out, holding their data hostage and demanding payment.
The Australian Federal Government has confirmed that three private businesses have fallen victim and more are yet to come. Meanwhile, a Perth-based real estate agency has been hacked, resulting in scammers publishing fake rental ads.
With cyberattacks on the rise, proactive prevention is key. Here are five preventative measures to protect your business from malware attacks:
1. Keep software and systems up-to-date
The ransomware WannaCry exploited a vulnerability in Microsoft Windows, with 98% of those infected using a legacy version of Windows 7. Those who updated their systems weren’t affected by the ransomware.
In a statement released by Brad Smith, President and Chief Legal Officer of Microsoft, he said that cybersecurity is “a shared responsibility between tech companies and customers”.
“As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems. Otherwise they’re literally fighting the problems of the present with tools from the past.” In addition to keeping operating systems up-to-date, it’s crucial to update your antivirus, firewalls, browsers and firmware regularly. Be sure to turn on automatic updates to keep your computers protected from ever-evolving threats.
2. Regularly backup your files
You wouldn’t put all your eggs in one basket, so why would you store all your data on one system?
Regularly backing up your files ensures that you have a contingency plan in the event of a malware attack. Be sure to store secure copies of your data offsite and use a backup software for a smoother data restoration process.
If you're backing up your data on an external device, be sure it's physically disconnected and not mapped to your network. Some strains of ransomware can even encrypt data over unmapped network shares! Rest assured that if you're using a cloud software solution, your backups are generally taken care of. However, it's a good idea to check with your software provider for peace of mind. Here at PropertyMe, our property management software is securely hosted on Amazon Web Services and our databases are automatically backed up using 128 bit SSL encryption, which is the same encryption used in internet banking.
3. Use strong passwords like “SwayriM5!”
Strong passwords are essential to protect your business from malware attacks. While many people can agree with this statement, passwords like “123456” and “password” are still widely used. To create a strong password, ensure:
- Your password is at least eight characters long
- It includes a mix of letters (upper and lower case), numbers and special characters
- It does not include recognisable words or names, repeated characters, personal information like your birthday or your mother’s maiden name
- It isn’t something that you’ve previously used
You can try using a memorable phrase that isn’t typically associated with you to create a strong password. For example, “She wore a yellow ribbon in May!” can be condensed into “SwayriM5!” using the first letters of each word.
You can further customise this password for different websites as well. For example, “SwayriM5!_$$” for a bank account or “SwayriM5!_QFF” for your Qantas Frequent Flyer account.
4. Educate your employees
Another way to protect your business from malware attacks is to schedule regular training with your employees to go over cybersecurity best practices. These may include:
- Disabling remote desktop connections when they’re not in use
- Avoiding suspicious links in emails and websites that aren’t secure
- Ensuring all downloads are automatically scanned by the company antivirus
- Removing users when they’ve left the company
- Running programs only when an origin can be identified
- Creating strong passwords and enabling two-factor authentication
5. Protect your business like a castle
Every castle has layers upon layers of security from moats to guards to protective walls. If your business isn’t protected like a castle then it’s much more vulnerable to cyberattacks.
A multi-layered security approach can help you protect your business from malware attacks by making it much harder to reach your data. It should have at least three layers: prevention, detection and response.
The preventative layer should include firewalls, strong passwords, two-factor authentication, antivirus and anti-malware. Meanwhile, the second (detection) and third (response) layers should be in place to reduce impact and speed up recovery in the event of a breach.
With the hackers behind WannaCry threatening a “monthly data dump”, the worst is yet to come for business cybersecurity. Be sure to implement these preventative measures to protect your business from malware attacks before it’s too late.
Did we miss something in How to Protect Your Business From Malware Attacks? Let us know in the comments below.