kv Blogs
1 September 2017

What Businesses Can Learn from the Recent Ransomware Scandal

It’s been a difficult couple of months for UK readers in particular, with terrorism, fire and the uncertainty of a hung parliament giving rise to the feeling of being attacked from all angles – and the huge-scale ransomware attack which crippled the NHS in May certainly didn’t help to assuage feelings of vulnerability. The attack reminded many that, far from being a safe, anonymous space, the Internet can hide any number of cyber-criminals and organised crime gangs.

Given the current political climate, we should all be mindful of the importance of ensuring we don’t fund these groups by falling victim to their crimes. As a Tej Kohli business, Kohli Ventures treats cyber security as paramount – having been founded by a tech entrepreneur, we understand the devastating potential for vulnerabilities in technology to be exploited. Here, our experts weigh in on the key lessons business owners should take away from the WannaCry scandal, to minimise their business’s risk of falling victim to a similar crime.

1) Investing in IT Maintenance is Crucial

Ensuring that all software and IT systems are up to date with the most recent updates installed isn’t optional; it’s fundamental. The larger your organisation, the harder this is to manage, so it’s important to underline the importance of IT vigilance to each and every employee. Your management team should understand that they are responsible for ensuring conformity within their department – and you should make sure that you don’t skimp on the latest protective tech. Firewalls and anti-virus software should be in place on every device – it only takes one breakthrough for a virus to spread rapidly through your business.

2) Staff Awareness is Critical

There are many simple protective measures which employees can take to minimise the risk of an attack – so simple, in fact, that you may assume they’re self-evident. They’re not! Encourage staff to change their passwords every 90 days (or, if you have the money to spend, compel them to do so through automatic software). Stress the importance of not opening emails from unknown senders, and educate them about phishing scams and fake emails – many people received education on these types of scams so long ago that they have no idea how authentic these scams can appear. In addition, you should enforce regular back-ups for all team members who have access to key information. These simple measures can be a deciding factor further down the line.

3) Have a Continuity Plan

The most devastating effect of the NHS attack was not that a virus slipped into their midst, but that the effect of the virus (and failure to limit it) resulted in patients not receiving necessary care. Who would be affected should your business suffer an attack, and what can you do to minimise its harm? These attacks are becoming commonplace, and having a contingency plan in place to contain their effects should be a key part of any modern business’s risk management strategy. Make sure that invoices, important documents and sensitive information are stored separately from your daily operating systems, and limit access to a ‘need to know’ basis, so that the consequences of any attack are contained.

These simple measures can greatly limit your vulnerability to cyber-attack. The key here is vigilance: the first step to cyber security is recognising how ubiquitous these attacks are becoming and taking action. Don’t make the mistake of thinking that, just because WannaCry didn’t reach you, your business is safe.