Following the recent NHS cyber-attack, here is protection advice issued by the City of London Police and National Cyber Security Centre (NCSC).
Key protection messages:
• Install system updates on all devices as soon as they become available
• Install anti-virus software on all devices and keep it updated
• Create regular backups of your important/business critical files to a device that is not left connected to your network
• Do not meet any stated demands and pay a ransom - this may be requested via Bitcoins
• The NCSC guidance includes specific software patches to use to prevent infected computers on your network from becoming infected with ‘WannaCry’ ransomware. Additional guidance on how to protect your organisation from ransomware can be found on the NCSC website.
On a day to day basis:
• Don’t open any email unless you believe the message is genuine.
• Check that the sender and the return email are the same. Delete the message immediately if not.
• Don’t click on any link or attachment unless you trust the sender and you were expecting the link or attachment from them.
• Be particularly wary of emails that ask for account details or passwords or which direct you to sites that ask for those details.
• Don’t try to install any software without first seeking management approval.
• Always err on the side of caution. If you have a concern about any message leave it unopened.
Fraudsters may exploit this high profile incident and use it as part of phishing/smishing (SMS phishing) campaigns so be particularly cautious if you receive any unsolicited communications appearing to be from the NHS.
How to report: If you think you have been the victim of a cyber-attack, you should report it to Action Fraud by calling 0300 123 2040, or visiting ActionFraud. Charities are also advised to report suspected or known fraud incidents to the Charity Commission by emailing RSI@charitycommission.gsi.gov.uk