We’ve all seen recent news coverage of the WannaCry ransomware, which to date has spread to over 150 countries. The malware was able to evade antivirus detection, and it spreads to any connected Windows device on a network that hasn’t been updated. Although a single source and delivery method hasn’t yet been isolated, WannaCry can be delivered via phishing emails and embedded into documents or corrupted websites.
In order to protect your sensitive data, always practice good cybersecurity hygiene. ES&A’s Sam Sneed offers these tips:
DON’T TAKE CANDY FROM STRANGERS (aka IF IN DOUBT, DON’T CLICK) Malware like WannaCry can be delivered in PDFs, Word docs, or other attachments in emails. Malware can also be downloaded by clicking hyperlinks. If you are in doubt about an email, message, website, etc., independently confirm the identity of the sender (e.g., by calling a phone number you know to be valid).
DON’T EAT THINGS OFF THE GROUND (aka BEWARE OF FREE LUNCH) Think before you connect to an unsecured network (one without a password) or a public network (e.g., your local coffee shop with the shared password) using any device that connects to your home or work networks (laptop, phone, iPad, flash drives, etc.). If you are opening files or clicking on hyperlinks, be conscious of the source and scan anything you are unsure of.
DON’T SHARE COOTIES (aka THINK ABOUT ALL NETWORKS YOU INTERACT WITH) Remember that there is risk even in connecting to networks that are password-protected. Consider how you treat your WiFi at home (e.g., do you know where your family has been connecting their devices?).
WASH YOUR HANDS AND TAKE YOUR VITAMINS (aka USE YOUR SCANS AND READ YOUR ERROR MESSAGES) If you’ve connected to an outside network with unknown or questionable security practices, run a full antivirus scan before connecting the device to your home or work network again. KEEP YOUR SOFTWARE UPDATED AND PATCHED.
DON’T LEAVE YOUR THINGS LYING ABOUT (aka MIND YOUR PASSWORDS AND OLD DATA) Remember that passwords should be updated on a regular basis (1x a year is a good starting point) and should be saved mindfully (minimize Post-it® usage). Passwords should not be repeated, and should maximize character space (a very strong password should be 12+ characters using upper and lower case letters, a number, and a special character). Have a digital spring cleaning: Implement a data retention and destruction schedule.
LOCK YOUR DOORS (aka REMEMBER PHYSICAL SECURITY) Please use a lock screen, password, etc., on mobile devices and storage units. Be mindful of what information is visible and accessible to visitors to your office.
See Sam’s presentation on “Cybersecurity Hygiene … because you might be picking your friend’s nose,” on safety measures your HR department can take to ensure cybersecurity hygiene, including training, processes and documentation. If you have any questions, please contact Sam Sneed, who reminds us that security is a human process and habit.