You could not have missed the coverage of the worldwide ransomware attack over the weekend, which particularly affected the NHS.
The scale of the attack, and its impact on public services, is unprecedented. However, similar attacks happen on a daily basis and third sector organisations must protect themselves from the risks of operating in the digital world.
The latest UK Government Cyber Security Breaches Survey reveals nearly seven in ten large organisations have had a breach or attack. The average cost to large organisations was around £20,000, although in some cases this reached into millions.
The most common attacks are the result of fraudulent emails, coaxing staff into revealing passwords or financial information, or opening dangerous attachments. The ransomware attack over the weekend was particularly damaging as it didn’t just infect the original user, who may have opened a dangerous attachment; it was able to seek out and infect other computers on the network that had the same vulnerability.
The vast majority of these attacks are not targeted; they are random, and third sector organisations are equally at risk. In September, a ransomware attack on Comic Relief took their systems down for three days. Only a few days before the NHS attack, the Queen’s Nursing Institute in England reported disruption as a result of an attack on one of their servers.
What should we do now to protect ourselves?
Follow the advice of the National Cyber Security Centre to reduce the risks to your organisation by:
If you have any systems that are still running Windows XP, you must immediately install this patch from Microsoft and upgrade to a more modern operating system as soon as possible.
Given the heightened awareness of the risk, it is worth reminding all users of your computer networks to be wary of opening attachments or links in emails, particularly from strangers or where the language and style used seem unusual.
What should we do in the longer term?
Cyber attacks are as great a risk as other forms of crime. Therefore third sector organisations should:
Getting ready now will also help prepare you for the forthcoming EU General Data Protection Regulation, which comes into force in May 2018. This places more responsibility on organisations to protect data or risk hefty fines. It also provides greater protection of people’s rights, as well as an opportunity to create greater trust and transparency around how organisations use personal data. Book now to attend SCVO's Data Protection Conference on 21 September 2017.
Continue to stay safe online.
Should you need further support, SCVO provides a range of IT services to our members, including advice and fully managed IT support.