Information Security Checkup


Are you protected? The WannaCry ransomware wreaked havoc on the world’s information systems this weekend and it continues to spread; and you know what they say, the best time to make sure your information systems are up-to-date is yesterday. The second best time, of course, is now. Trust is infinitely harder to regain than it is to lose, so it’s important you don’t fall into the “it won’t happen to me” fallacy. It’s important you take the time to make sure your firm and your personal information systems are adequately secured.

Here are some bare minimum steps you should be taking to protect your data.

  1. Ensure all of your software is legitimate and up-to-date. WannaCry, like other malware, propagates through flaws discovered in older versions of software. Microsoft patched the vulnerability a month ago, but the ransomware was still able to target systems that had not installed the update. It is extremely important to make sure that your software has the latest patches installed. Equally important is that your software is not so old that it is no longer supported by the developer.
  2. BACKUPS, BACKUPS, BACKUPS. I can’t stress this enough: you need to consistently back up your data! The damage from attacks such as WannaCry can be easily avoided by just restoring your files from a recent backup. If you’re dealing with your personal system, there is plenty of free software out there to do this, and some low-cost cloud options as well. Make sure you can restore your systems easily in case of an emergency.
  3. Don’t click on links from emails until double-checking. Even if it’s seemingly from someone you know, double-check where the link goes first by hovering, or checking with the person who sent it. Better safe than sorry.
  4. Use a password manager. Many problems occur because passwords are too simple and open to brute-force guessing by a computer. Additionally, reusing the same password on different sites makes unauthorized access easy. Use different, complex passwords on different sites, and use a password manager so you don’t have to worry about remembering all the variations.
  5. Have you been pwned? Check whether your email address or passwords have been included in any breaches, and ask to be emailed if they appear in any future breaches. If you administer multiple email addresses across a domain, you can check whether any are on the lists. If you are, don’t panic! Change your passwords and enable two-factor authentication wherever possible.

All of these might sound a little obvious, but they are simple safeguards to take, especially when you are dealing with potentially sensitive information.

 
