This weekend saw data security back in the news with one of the most widely distributed ransomware attacks ever witnessed. Europol reports that over 200,000 computers had been affected worldwide in “an unprecedented attack”.
Here at SaaSAge we take data security very seriously. We’re pleased to say that not one of our clients has been affected by the WannaCrypt attack.
However, we don’t want to be complacent. Last month we highlighted how security threats are increasing every day and becoming more sophisticated.
Remember, this breach is unlikely to have come from just a nerd sat in his bedroom while eating pizza, no matter how much the movies would like to give this impression. The attack is more likely to come from serious criminal organisations that have money and resources to launch attacks against businesses. From their perspective, it is much safer than robbing banks so you can understand the appeal.
What data security lessons can you learn from this attack? There are five lessons to take away from the WannaCrypt attack:
1. Ensure IT patching policies are in place and machines are up to date
SaaSAge has a methodical process for ensuring that patches and software are updated in a timely manner. It would be a mistake to auto-update because sometimes patches cause more problems than they cure. Instead, we ensure that security-specific patches are tested and deployed as quickly as possible. Although Windows XP machines are a bit of a scapegoat, this does highlight that you increase your risk when you use older software. That is why SaaSAge has an account management program to identify what needs replacing and when.
2. Upgrade your security
Data security is always going to be a compromise between usability, cost and perceived risk. Consider the cost of being successfully attacked and then mitigate that by implementing low-cost solutions that will substantially enhance your data security. For example, last month we recommended that our clients upgrade their antivirus to a full security suite. The higher your protection, the less risk you will have. Talk to us about how we can improve your security.
3. Work towards Cyber Essentials Certification
Cyber Essentials is a government-backed, two-stage certification process that delivers data security testing from an IT perspective. As data security is now in the minds of your clients, now is the time to demonstrate to them how seriously you take data security and the precious, valuable data you hold on them. This will enhance your reputation and help avoid your data being compromised. SaaSAge will soon be displaying the CE certificate on our website and we are also offering a range of Cyber Essentials consultancy and implementation services for our clients.
4. Ensure you’re preparing for GDPR Compliance
If you hold personal data then you really need to be speaking to SaaSAge about GDPR compliance now. GDPR legislation comes into effect on May 25th 2018 and, rather than just focusing on the IT element of data security, GDPR covers the way you manage data and how you can demonstrate that your processes are robust and compliant.
Simon Ghent from GDPR consultancy company Fifth Square commented: “GDPR will fundamentally change our current data security legislation, however most SMEs are not prepared for it. Even without the substantial fines for non-compliance we believe GDPR can be of real benefit to organisations that want to take data security seriously.”
As a result, SaaSAge will be launching GDPR compliance services within the next 90 days. We strongly recommend booking a data security compliance meeting with us as soon as possible.
5. Train your staff to be data security aware
The number one risk to your data security is from user error. Clicking on links, opening attachments, loading infected data – the list goes on and on. SaaSAge realises that employees will never be data security experts; however, they can be aware of threats and be taught basic methods of protecting themselves and the organisation they are in. You can now book data security training with SaaSAge. This can be a one-off or a portfolio of recurring on-premise and online training sessions. Give us a call to discuss.
The WannaCrypt attack should be a wake-up call to all organisations that data security should no longer be an afterthought. It should be at the heart of what your organisation does. Want to know more? Give us a call or email firstname.lastname@example.org