NHS security troubles are a timely reminder for businesses

In the last few days, the NHS succumbed to a cyber attack, highlighting the vulnerabilities of all organisations.

The security breach was a “ransomware” attack, code which locked infected computers and denied access to crucial data until users paid a ransom of more than £200.

This highlights what IT experts have been saying for some time: all organisations must take cyber threats seriously.

1. Make sure your security software patches are up to date
2. Make sure that you are running proper anti-virus software
3. Back up your data somewhere else, because you can’t be held to ransom if you’ve got the data somewhere else

• Review and protect access to your network, particularly from the internet. Configuration of internet routers and firewalls needs to be reviewed regularly and any changes strictly controlled.
• Remove unnecessary software. Only use trusted sources of software and control what software can be installed by users
• Audit which users can access which software, files and data. Make it the minimum possible level for them to work and accept some inconvenience when they need access to new areas
• Control use of removable storage like pen drives, use encrypted drives only and consider blocking their use to prevent injection of malware and removal of data
• Provide staff awareness training of the nature of attacks, how to prevent them and also what to do if an attack happens

Sadly one of the most vulnerable parts of your defence will be your staff, who will be targeted individually by fraudsters to defraud the company, or be tricked into clicking on links or giving permission to install software that attacks or monitors use of the systems. Staff training really can’t be ignored as part of the company’s defence and an acceptance that some impact of the way people work may be necessary to minimise threat.

StoneHouse Logic now offers a specific service to ensure and certify clients to Cyber Essentials and help with both the certification process and importantly also provide the audit, changes and management of IT systems in the business to achieve and maintain this level of assurance.For further information, see the UK government’s response is available from the National Cyber Security Centre here. Advice for home computer users, which you may wish to share with your employees, is available here. To report instances of cyber crime, or to access free, impartial advice, contact ActionFraud. And find out more about the Cyber Essentials scheme here.