Today, Monday, May 15, 2017, it is important to take stock of what we have learned from the massive attack that institutions and companies suffered last Friday, May 12. These are non-technical ideas; they come from common sense and should help us avoid or mitigate similar incidents in the future. So:
- Against spam and malware: It is not enough to have a good anti-spam, anti-virus and anti-malware service. It spares us many threats, but we cannot be 100% calm.
- Against the technique called “social engineering”: The human factor, because of its unpredictability, is always the weak link in the chain. Training and awareness help reduce risks, but we cannot be 100% relaxed.
- Against software vulnerabilities: Follow the software update plan recommended by the manufacturer. There is no perfect application, and that is logical: many situations that arise in use are never tested, and this leads to bugs and security problems. Therefore, a good patching policy and, of course, proper licensing and maintenance are needed for the best protection, but we cannot be 100% confident.
- Against ransom demands: Paying a ransom guarantees neither the return of the information nor that they will not attack you again.
- Against loss of information: The last lifeboat is the backup. And for that, it is better to have a good plan for outsourcing your copies. We strongly recommend that you review and update your backup policies and test your backups periodically. But we cannot be 100% at ease here either…
This attack, although it drew wide media attention because of how many were affected, was neither the first attack in history nor will it be the last. Nor was it the most important or the most harmful. It is one of the many that will follow. So the most important thing is to develop a good security and recovery plan. That plan should include clear guidelines for communicating with our customers, so that the incident does not affect the company’s image. Because what is certain is that someday some attack will affect us directly. The question is not when. It is to be prepared for it, and to know how to react as planned.