The recent high-profile ransomware attack on Garmin has once again highlighted the need for cyber security vigilance. This security breach left the majority of Garmin products and services inoperable for up to five days and the company allegedly facing a ten-million-dollar ransom demand.
There have been countless similar incidents, with the most well-known being the 2017 WannaCry ransomware attack. An estimated three-hundred-thousand devices across 150 countries were infected. Victims included the UK’s National Health Service, which had up to seventy thousand devices (computers, medical fridges, MRI scanners, telephone systems and other medical equipment) compromised. Medical staff found themselves back to using pen and paper, patients were turned away and appointments cancelled.
Companies or individuals who think such an attack is unlikely to happen to them, should be mindful of the fact that cyber-attacks are often orchestrated by software bots. These bots search for network vulnerabilities and do not necessarily need human intervention to identify and attack your IT infrastructure.
Unfortunately, it is practically impossible to be 100% protected from cyber-attacks. However, similar to protecting your home, by locking doors and windows and installing a burglar alarm, implementing a few simple and practical tips can significantly reduce your risk:
- Keep regular, up to date backups of your data. Backups should not be connected to your computer, as backups accessible from a compromised device, may be rendered inaccessible in the event of an attack. Cloud backup solutions are a cost-effective method to automate your backup process and provide security protection.
- Install anti-virus software and a firewall from a reputable provider. Ensure this software scans your incoming email and is automatically updated to protect you from the latest threats.
- Keep all software and operating systems up to date with the latest releases and security patches. Enable automatic updates on your operating system. Security patches are released to protect against emerging threats and newly discovered vulnerabilities. Software without security patches, will be vulnerable to the threats, the patches were implemented to protect against.
- Do not open attachments until you have verified that they are from a source you trust and have confirmed with the sender that the attachment came from them.
- Do not click on suspicious links, as these may install malicious software to your device or network. This one is worth repeating – DO NOT click on suspicious links.
- Only download PDFs, software, or any other files from reputable and trusted sites.
- Do not publicise personal data which could be used to target you or your organisation.
- Never plug in a USB or other storage device from an unknown or untrusted source.
- Use a VPN when accessing the internet or your network, via public Wi-Fi.
- Remove all unnecessary software from your computers and mobile devices. Every piece of software is a potential entry point to your system; hence it is always a good idea to minimise the number of installed apps.
- Not all breaches are remote. Some breaches result from an attacker with physical access to a machine. Ensure all devices are screen locked and password protected when not in use.
- Provide security awareness training for all your staff and anyone accessing your network or using your devices. Not sure where to start – ask them to read and most importantly, implement these tips.