Less than a week ago, hackers carried out what has quickly become the worst digital disaster to strike the internet in years, crippling transportation and hospitals globally.
What happened? Well, in simple terms, hackers emailed users malware called “WannaCry.” Once WannaCry enters a person’s PC, it locks all the files it finds and locks the user out of the system until he or she pays a fee, which is why it’s called “ransomware.”
According to the article titled Global cyberattack: A super-simple explanation of what’s going on, “WannaCry takes advantage of a vulnerability in Microsoft Windows. The software tools to create the attack were revealed in April among a trove of NSA spy tools that were either leaked or stolen. The tools were made public by a hacking group called the Shadow Brokers. Microsoft released a security patch for the vulnerabilities in March. But many corporations don’t automatically update their systems, because Windows updates can screw up their legacy software programs.”
While the ransomware reached hundreds of thousands of computers in more than 150 countries, the U.S. wasn’t as badly hit because a cybersecurity expert was able to slow the spread of the malware before it could do much damage here. But this doesn’t mean you’re off the hook just yet. If your computer or network hasn’t recently been updated, you’re still at risk because the ransomware is lurking.
So what should you do? There are many steps you can take, and I’ve outlined just a few below.
- Educate employees. Make sure your employees are aware of the threats. Encourage them to be hypervigilant and communicate to them what is going on. For example: This week, Holmes Murphy’s own Information Security team sent an email to all of our employees warning of “WannaCry,” what it is, how it works, and what to look for.
- Keep all the software on your computer up-to-date. Enable automatic updates. If you don’t have the latest software update, make sure you get that taken care of right away.
- Be leery of emailed attachments. Do not open attachments in emails from someone you don’t know (and simply be skeptical of attachments or links in general). I think a good rule of thumb is if you aren’t expecting an email from someone with an attachment, use good judgement. If it doesn’t look right, it never hurts to reach out to the sender.
- Review your insurance policies. Ransomware does not discriminate, so you must always be prepared. Even if you don’t have sensitive data, this is a huge risk that could cost you a whole lot of money. Having a policy in place with strong and clear cyber extortion wording is key to helping protect your balance sheet from the potential fallout of a super worm like this. If you’re not sure what that wording should look like, talk with your insurance agent or broker to review your options and make sure what you’re paying for covers the risk you face.
Also, don’t ever hesitate to reach out to us at Holmes Murphy. Trust me, WannaCry isn’t the only threat that’s lurking. Don’t wait until it’s too late to make sure your assets are covered.