How we protect our data online has never been more important.
The ransomware attack on the HSE systems has thrown Ireland’s attitude to cybersecurity into the spotlight. The cost of bringing the systems affected back online is estimated to be in the “tens of millions” and brought the whole system to a halt.
These sort of attacks aren’t as uncommon as one might think. In 2018, a Finnish health company Vastaamo that operated 25 psychotherapy centres was hacked. The hackers gained access to the files of patients in the centres and threatened to release their information to the public if the patients didn’t pay a ransom of €200 each. Earlier this year Vastaamo collapsed into bankruptcy after it emerged that they tried to cover up the hack.
When you hear the word “hacking”, you might think of The Matrix or Mission Impossible with screens of code and a nerd in a bedroom saying “I’m in”. In reality, it can be as simple as sending someone a legitimate-looking email that contains malicious code.
This is how hackers gained access to $100 million from the Bangladesh Bank in 2016. The hackers sent an email pretending to be someone looking for a job. When someone clicked the email attachment, it would release malicious code into their machine, allowing hackers to take control of it. They were then able to take control of all of the devices on the network over a period of 6 weeks before stealing the money.
Working from home has also brought its own cybersecurity challenges. Many people now require secure, remote access to servers where important information is stored. Any weakness in these can be an easy access point for hackers. Although it’s annoying, requesting that your employees change their password every 30 days can be a good way to keep your networks secure.
Here are some other tips that can help you!
- Install updates as soon as they’re available.
- Never click any suspicious links or attachments in an email.
- Have good antivirus software installed.
- Invest in cybersecurity training for all staff.
- Enable auto lock on all devices.
- Enforce strong password requirements on all work devices.
- Don’t give administrator rights to people who don’t need them.
Finally, if you suspect that you have clicked on something malicious, tell somebody. Whether it be your operations manager or your IT department, they need to know as soon as possible so they can act accordingly. Don’t feel shame and hide it. It can happen to anyone!