At the end of January tyre fitter Kwik Fit confirmed that its network had been infected and its systems knocked offline. The company was forced to cancel bookings and customers vented their anger on social media. The pharmaceutical sector has also been caught out – as far back as 1991 there is a report of virus in the pharmacy of a hospital and Merck was the victim of a cyberattack in 2017.
So what can you do to stay virus free?
1. Install protection
Some viruses are simply mischievous and irritating, but others are a serious threat. No form of inoculation can ever be perfect, but installing an anti-virus package from a reputable software vendor is a crucial first step. Some suppliers charge but free versions are available from the likes of Avast and Microsoft.
2. Update and scan
A computer virus is like one which infects a living organism; over time it’ll morph as designers seek to work around the protections that security software puts in place.
Regularly scanning a computer or network for downloaded or installed threats is an absolute must. It ought to be done daily but should be carried out at least once a week. Scans are intensive and can cause a system to grind to a halt so should be timed for an off-peak moment.
3. Update the operating system
Windows and Mac systems need regular updating. They are hugely complex, run to millions of lines of code and are riddled with vulnerabilities; it’s the reason why developers perpetually issue software updates and fix security issues. Turn auto update on.
4. The network is at risk
Failing to secure networks can leave online devices permanently under threat. The problem is exacerbated when devices are left with both default names and default passwords as this helps hackers see what is connected and so guides an attack.
The advice is to change the device name and password as soon as it’s connected. WiFi, once set up, should not broadcast its existence. This means turning off what is called the ‘SSID’. Passwords should be strong – select at the minimum WPA or WPA2 encryption.
If visitors are to connect to a network, ensure they’re using a router with a guest network which allows access to the web and nothing else.
5. Strong passwords
Passwords are a huge risk. It is essential they’re never reused. Those that have been compromised will put other accounts at risk.
To create a strong password, avoid names, places, pets or dates of birth. Use a long mixture of upper case, lower case, numbers, and symbols. Search for an online password generator. Passwords should be changed frequently and when an employee leaves.
6. Put sites off limits
Staff policies should cover what can and cannot be done online. This means detailing which websites can be visited, and that no software is to be downloaded or installed.
7. Be private
Staff should be made aware of ‘social engineering’ where a plausible caller persuades staff to give away private data. Staff should never give out private information without being certain of the person or organisation asking. The same applies to social media posts. Theft by social engineering is much easier than expending effort on hacking systems.
8. Staff devices
Threats come from staff connecting devices to the company network or their computer. Thought should be given to limiting access to the firm’s Wifi or physical network. The same applies to USB devices – fraudsters have been known to drop an infected USB stick in a car park so that an individual will pick it up and connect it to their computer to see what’s on it.
9. Back up
Planning for disaster should be part of regular housekeeping. Backing up data onto several separate devices regularly, and keeping them off site at different locations is critical. Consider a combination of methods such as external hard drives, offsite computers and cloud storage services such as Dropbox; encrypt the devices in case they fall into the wrong hands.
Assuming that a business is unlikely to be attacked is a foolish stance and once that will lead to disaster. All it takes is a lucky find by a hacker combined with easy access for the rest to be history.
Click here for more information from the National Cyber Security Centre