From Adobe to PlayStation and Yahoo to LinkedIn, the digital age of the 21st century has almost become synonymous with the word malware. From a technical point of view, this is called a data breach, where personal data is lost, disclosed, altered, or destroyed.
If your business finds itself on the receiving end of a hack or data breach, it can be easy to panic. But delaying action once you know you have been hacked only makes the situation worse. This blog post looks at some simple steps you can take when experiencing a hack.
Please note that Natural HR is not legally qualified to provide IT security information to UK businesses. Any content in this article is based on best-practice advice, and should you experience a hack, Natural HR recommends contacting a specialist advisor.
What are malware and ransomware?
Whilst there are different types of cyber-risk that your business could fall foul of, these are typically, but not always, grouped into two categories: malware and ransomware.
But what is the difference?
Malware is malicious software which, when run, can cause harm in many ways, including:
- Causing a device to become locked or unusable
- Stealing, deleting or encrypting data
- Taking control of your devices to attack other organisations
- Obtaining credentials that allow access to your organisation’s systems or services that you use
- ‘Mining’ cryptocurrency
- Using services that may cost you money (e.g. premium rate phone calls).
Meanwhile, ransomware is a type of malware that prevents you from accessing your computer (or the data stored within it). The computer itself may become locked, or its data might be stolen, deleted or encrypted. Some ransomware will also try to spread to other machines on the network, as the WannaCry ransomware that impacted the NHS in May 2017 did.
What actions should you take to minimise the risk?
If you are the victim of a cyberattack, what can you do? The UK government's National Cyber Security Centre (NCSC) has published four simple steps that your organisation can implement to protect itself from malware and ransomware attacks.
Action 1: Make regular backups
Up-to-date backups are the most effective way of recovering from a ransomware attack and should form the basis of any IT cybersecurity policy. To minimise the risk of a hack, you should:
- Make backups of your most important files securely and at regular intervals, so that you always have up-to-date copies.
- Ensure you create offline backups that are kept separate, ideally offsite, and away from your active network and systems, or in a cloud service designed for backups.
- Make multiple copies of files using different backup solutions and storage locations. You shouldn't rely on having two copies on a single removable drive, nor on multiple copies held in a single cloud service.
- Make sure that the devices containing your backup are not permanently connected to your network.
- Ensure that backups are only connected to known clean devices before starting recovery.
- Scan backups for malware before you restore files.
- Regularly patch products used for backup so attackers cannot exploit any known vulnerabilities they might contain.
Action 2: Prevent malware from being delivered and spreading to devices
You can reduce the likelihood of malicious content reaching your devices through a combination of:
- Filtering to allow only the file types you would expect to receive.
- Blocking websites that are known to be malicious.
- Actively inspecting content.
- Using signatures to block known malicious code.
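As an added illustration of the first and last of these controls (not code from the original post or from Natural HR), the following Python gatekeeper checks an attachment's extension against an allowlist of expected file types, confirms that the file's leading bytes match the declared type (so a renamed executable is caught), and rejects anything whose SHA-256 appears in a signature blocklist. The allowlist, the blocklist and the sample files are all constructed for the example.

```python
import hashlib
from pathlib import PurePosixPath

# Constructed allowlist (assumption): file types the organisation expects to receive,
# mapped to the leading bytes ("magic numbers") a genuine file of that type starts with.
# None means the type has no reliable magic number, so only the extension is checked.
ALLOWED_TYPES = {
    ".pdf":  (b"%PDF-",),
    ".docx": (b"PK\x03\x04",),          # Office Open XML files are ZIP containers
    ".xlsx": (b"PK\x03\x04",),
    ".png":  (b"\x89PNG\r\n\x1a\n",),
    ".jpg":  (b"\xff\xd8\xff",),
    ".txt":  None,
}

# Constructed signature blocklist: SHA-256 of a made-up "known bad" sample, not a real IoC.
BLOCKED_SHA256 = {hashlib.sha256(b"constructed-known-bad-sample").hexdigest()}


def inspect_attachment(filename, data, blocked=BLOCKED_SHA256):
    """Return (allowed, reason) for one attachment; fail closed on any mismatch."""
    ext = PurePosixPath(filename.lower()).suffix   # ".exe" for "invoice.pdf.exe"
    if ext not in ALLOWED_TYPES:
        return False, f"file type {ext or '(none)'} is not on the allowlist"
    magic = ALLOWED_TYPES[ext]
    if magic is not None and not any(data.startswith(m) for m in magic):
        return False, f"content does not match the declared type {ext}"
    digest = hashlib.sha256(data).hexdigest()
    if digest in blocked:
        return False, f"matches blocked signature {digest[:12]}..."
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample attachments: one genuine PDF, one executable renamed to .pdf,
    # one plain executable, and one text file matching the blocklist.
    samples = [
        ("report.pdf", b"%PDF-1.7\n%constructed\n"),
        ("invoice.pdf", b"MZ\x90\x00\x03\x00\x00\x00"),
        ("setup.exe", b"MZ\x90\x00"),
        ("notes.txt", b"constructed-known-bad-sample"),
    ]
    for name, content in samples:
        allowed, reason = inspect_attachment(name, content)
        print(f"{name:12} {'ALLOW' if allowed else 'BLOCK':5} {reason}")
```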
Action 3: Prevent malware from running on devices
Even if malware reaches a device, you can still take steps to prevent it from running. The required measures will vary for each device type, operating system, and version, but you should generally use device-level security features. Organisations should:
- Centrally manage devices so that only applications trusted by the enterprise are permitted to run.
- Consider whether enterprise antivirus or anti-malware products are necessary, and keep the software up to date.
- Provide security education and awareness training to your people.
- Protect your systems from malicious Microsoft Office macros, and likewise restrict the ability to install software add-ons.
Action 4: Prepare for an incident
Malware attacks, in particular ransomware attacks, can be devastating for organisations because computer systems are no longer available to use, and in some cases, data may never be recovered.
The following will help to ensure your organisation can recover quickly.
- Identify your critical assets and determine the impact on these if they were affected by a malware attack.
- Develop an internal and external communication strategy. The correct information must reach the right stakeholders in a timely fashion.
- Determine how you will respond to the ransom demand and the threat of publishing your organisation’s data.
- Identify your legal obligations regarding the reporting of incidents to regulators, and understand how to approach this.
Further reading and support
Plenty of further reading and services can help you protect your organisation from malware and ransomware attacks. The UK Government's National Cyber Security Centre is among the best sources, providing businesses with accessible and practical advice on securing their IT systems.
Further resources are available at the following links:
Report: Cyber security incidents can be reported to the NCSC by visiting https://report.ncsc.gov.uk/.
Cyber Incident Response: The NCSC runs a commercial scheme called Cyber Incident Response, where certified companies support affected organisations.
How Natural HR’s platform protects your data
Natural HR takes every step to secure clients' data; simple steps include using UK-only data centres in Manchester, with a complete backup programme to a data centre in Leeds.
Likewise, these data centres have been certified to the required international information security standards, with UKFN being certified with:
- ISO/IEC 27001:2013
- ISO/IEC 27017:2015
- ISO 22301:2012
- PCI-DSS Compliant
- Cyber Essentials Plus
- Approved through the G-Cloud 11 Framework
To learn more about Natural HR's security function, including 2-factor authentication and password requirements, you can read more about it here.