As a follow-up to our cyber security alert from last week, preparing to protect against an event like the recent "WannaCry" global ransomware attack can include a range of IT, business operations and legal steps. These steps fall into two groups: immediate actions and long-term actions.

Immediate actions can include:

  1. install all appropriate patches on all at risk computer systems;
  2. backup all of your computer systems;
  3. require users to change their system passwords today to something they have never used before and that does not have any relation to anyone or anything in their lives;
  4. make sure each system has a good virus detection program installed and running;
  5. perform maintenance on each system to clear them of any residual malware, spyware, etc. issues;
  6. automatically block/delete known problematic email attachments associated with viruses, worms, malware, etc., for example, .VBS, .BAT, .EXE, .PIF, and .SCR files;
  7. if you don't have a current inventory listing of all computer systems and their configurations, perform a hardware and software configuration inventory audit to identify at-risk systems and then return to step 1;
  8. provide new/refresher training on how to avoid phishing emails, malware, etc.; and
  9. require that ALL new hard drives and/or USB drives be checked and cleaned by the IT department BEFORE they get plugged into a company computer system.
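Item 6 above (blocking attachments by file type) is the one step on this list that is usually implemented as a rule in a mail gateway or filter. The following is an added example, not part of the original post, showing how such a rule should be written so that it is not trivially bypassed: it lower-cases the name, strips the trailing dots and spaces that Windows silently ignores, and inspects every suffix so that a double-extension name like `Invoice.pdf.EXE` is caught. The blocklist is the one named in the post; the sample attachment names are constructed for the example.

```python
from pathlib import PurePosixPath
from typing import Dict, Iterable, List

# Extensions called out in the post as known-problematic attachment types.
BLOCKED_EXTENSIONS = {".vbs", ".bat", ".exe", ".pif", ".scr"}

# Constructed sample of attachment names as a mail filter might see them.
SAMPLE_ATTACHMENTS = [
    "Q2-report.pdf",
    "Invoice.pdf.EXE",      # double extension, upper-cased to evade naive matching
    "update.scr.",          # trailing dot is dropped by Windows when the file is saved
    "archive.tar.gz",
    "README",               # no extension at all
    "macro_helper.VbS ",    # mixed case plus trailing space
]


def normalize_name(filename: str) -> str:
    """Canonicalise an attachment name the way the receiving OS will treat it.

    Windows ignores trailing dots and spaces in file names and file extensions
    are case-insensitive, so a comparison that does not do the same can be
    bypassed by 'setup.EXE.' or 'setup.exe '.
    """
    return filename.strip().rstrip(". ").lower()


def attachment_is_blocked(filename: str) -> bool:
    """True if any suffix in the (normalised) name is on the blocklist.

    Checking every suffix rather than only the last one means a name such as
    'report.exe.txt' is also refused, which is the conservative choice for a
    gateway rule: legitimate attachments rarely carry an executable suffix
    anywhere in their name.
    """
    suffixes = PurePosixPath(normalize_name(filename)).suffixes
    return any(suffix in BLOCKED_EXTENSIONS for suffix in suffixes)


def screen_attachments(names: Iterable[str]) -> Dict[str, List[str]]:
    """Split a batch of attachment names into blocked and allowed lists."""
    result: Dict[str, List[str]] = {"blocked": [], "allowed": []}
    for name in names:
        result["blocked" if attachment_is_blocked(name) else "allowed"].append(name)
    return result


if __name__ == "__main__":
    verdict = screen_attachments(SAMPLE_ATTACHMENTS)
    for name in verdict["blocked"]:
        print(f"BLOCK  {name!r}")
    for name in verdict["allowed"]:
        print(f"allow  {name!r}")
```

A blocklist of this kind only covers the attachment types it names; archives and Office documents carrying macros need separate handling (content inspection or macro blocking) in the same gateway policy.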

Long-term actions can include:

  1. install active threat protection/intrusion detection hardware and software;
  2. if it does not exist, implement a structured plan/process to timely install all patches when released;
  3. replace old, out of date software and/or operating systems and prohibit or severely restrict the use of BYOD;
  4. implement and enforce a strong password policy with multi-factor authentication;
  5. classify and segregate data based on levels of security (i.e., sensitivity or importance, meaning the reputation loss, cost and pain to replace that would be incurred should it be stolen);
  6. regularly update and maintain a current inventory listing of all computer systems and their configurations;
  7. consider cloud storage of all data;
  8. add protection for mobile devices, including wipe services, so in case a device is lost or stolen, IT can wipe all sensitive company data from the device;
  9. prepare and implement a system-wide cybersecurity program, including a cybersecurity protection plan with desktop and/or live testing exercises, ongoing and continuous employee training and compliance monitoring, and regular stress testing of the compliance program;
  10. develop a written breach response plan and test and implement it;
  11. establish, implement and maintain a daily system backup process and off-site backup storage and retention process; and
  12. update software license agreements to cover the actual number of installed copies located in the software inventory audit.

Of course, not all companies have exactly the same systems and requirements, so some of the above may not apply to everyone, but hopefully some or many of the above suggestions will be helpful to each and every reader of this blog.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.