If the NHS can’t stop ransomware then how do small businesses?

Author
Ian Maxted
Safer Cyber Coordinator | Gloucestershire Constabulary
25th May 2017

In the early aftermath of the widely reported NHS WannaCry ransomware incident, we continue to explore the extent of cybercrime facing our online society. The Safer Cyber strand of the Police and Crime Plan for Gloucestershire exists for this very reason.

Whilst this was a publicly reported incident, it happens on a regular basis to businesses across the globe and whilst ransomware attacks can have a significant negative impact, this can be minimised by following the advice freely available.

WannaCry is just one example of an ever growing number of ransomware instances that ultimately encrypt your data and hold it to ransom in exchange for a virtual currency like Bitcoin. With a global reach, this particular case has potentially generated a large source of income for the criminals behind it.

Some may have read about the NHS woes as a result of WannaCry and feel that if an organisation that size can’t protect itself then what chance do they have?

When Desiderius Erasmus said ‘Prevention is better than the cure’, he couldn’t have been more right and when it comes to cybercrime, whilst there are no magic bullets or guarantees, following some basic principles will help significantly reduce the likelihood of compromise.

If you’re a business with little IT capability and like most other modern businesses, rely upon your IT to deliver your product, then consider looking at the National Cyber Security Centre’s 10 Steps to Cyber Security and the Gloucestershire Safer Cyber Forum for both preventative advice and cybercrime alerts and news.

With plenty of resources out there to help reduce the likelihood of such an attack affecting your business and the sheer volume of cybercrime, the recent WannaCry incident is a timely reminder that this should be a regular topic of discussion in every board room and that we cannot simply bury our heads in the sand.

If those preventative measures didn’t work, then minimising the impact on your business is the next step. If you have your backups in place and they are done regularly, then restoring your data post clean-up is the simplest method and far better than paying the criminals, further encouraging them to continue their attacks.

In some cases there are free ransomware decryption tools available and nomoreransom.org  provides such a service, where applicable, as well as some very good preventative advice.

Our collective challenge continues to get digital risk, or cyber, into the boardroom as a standing agenda and to raise awareness that so many of these issues can often be prevented.

Notwithstanding the technical element, we mustn’t lose sight of the fact that our staff will always be our biggest weakness and ensuring that we train our staff to look out for the danger signs and respond accordingly should be and remain one of the top priorities for protecting and business.

Keep an eye on the Gloucestershire Constabulary website for upcoming cybercrime prevention events where you can come and speak with our staff about any such concerns you may have for you, your business or your staff online safety.

About the author

Ian is a former ethical hacker with over a decade of operational policing experience. Applying both of these skillsets and experiences, Ian uses his passion for technology to help reduce the risks of becoming a victim of cybercrime, reducing the impact of such an incident where it does occur and help drive new and effective ways of expediting Police investigations in a digitally reliant society.

  • Quick professional advice

    Get 30 minutes of free advice over the phone from a local legal, accountancy or HR firm.

Do you want to join the conversation?

Sign up here
  • Expert business guides and reports

    Whatever your business issue, our Resources section has a downloadable guide for you.

  • 21,000 businesses trust us to help them start, grow, innovate & export - as well as lobby government on their behalf.