Several months ago, the WannaCry ransomware hacking attack brought over 300,000 computers in more than 150 countries to their knees. It knocked computer systems offline in hospitals, manufacturing plants, banks, and schools and colleges. No one was safe. When it was brought under control about a week later, it became a wake-up call for many IT teams.
Enterprise automation company 1E recently released the results of a poll of IT professionals about their WannaCry response. The findings reveal that security practices were lax in many organizations:
- 86 percent of respondents were unprepared for the outbreak of WannaCry. This led to 70 percent having to put in weekend overtime to get caught up on missing security patches.
- 86 percent —the same percentage that were unprepared for WannaCry—said their organization delays the release of security updates.
- 73 percent of respondents believe that management has failed to give them the resources they need to stay current on cybersecurity.
Protecting your business from ransomware requires a strong defensive strategy. It calls for a coordinated and comprehensive plan, including a robust patch management program, verified data backup control, and ongoing security awareness training for employees — specifically the detection and prevention of email phishing attacks.
Does your organization have a comprehensive and updated incident response plan? The best security practices work best when integrated into an organization’s day-to-day IT security operations program.
Here are some key metrics every business should track regularly to maintain visibility into the strength of their security posture:
- Percentage of systems running the latest anti-virus definitions and operating system
- Percentage of systems installed with the most recently available patches
- Percentage of systems in compliance with data backup/archive targets
Any single factor or combination of factors can compromise data security. Below are five best practices to apply:
- Perform regular, ongoing security risk assessments and audits of your computing environment.
- Keep customer facing systems and applications current with security and maintenance patches
- Conduct regularly scheduled security awareness training for all employees; mandate participation and administer quizzes during training and randomly throughout the year
- Simulate an internal phishing campaign to identify employees who require retraining
- Ensure all employees understand how to report a security incident, such as immediately contacting their supervisor or the security department
Don’t wish your organization could be more secure — make it so.