- Do regular backups. I know it's boring, but do it. In the very early days of PCs, I had two hard discs fail within six months, in each case losing everything on them. The first time I was unprepared and lost months of work. The second time I was backing up every day and lost nothing. These days it's really easy - with something like OneDrive, Google Drive or Dropbox you simply keep your work in a specific folder on your computer and it is all automatically backed up. As it happens, in the case of the ransomware attack, you might find that the encrypted data started to replace the backups - so rapid disconnection from the internet and an occasional local backup as well would have been an additional good precaution.
- Don't click on links in emails. This attack was initiated by a fishing email where a user had to click on a link that didn't go where it said it did. In practice, you hardly ever have to click on a link in an email - for example, if you get an email from your bank, or Amazon, or Paypal or whatever, log in normally and check for an alert within the site. Most email software will tell you the address a link goes to if you hover the mouse pointer over it, either as a floating box or at the bottom of the screen. You can use this to check if a link is legitimate, though be careful as some malicious emailers use addresses that sound like the real thing. But most don't.
- Always install operating system updates as soon as you get them. Although it hasn't been hugely covered, this was the biggest problem in the case of the ransomware attack. Microsoft had issued an update in March that would have prevented it from happening. The number of times when I see other people's computers and they have an operating system update outstanding is remarkable. OS updates almost always include security patches. If you don't install them as soon as possible, you've only yourself to blame.
Although not about direct prevention, there are a couple of other minor things. Some were probably hit because they were running versions of Windows like XP that are so old that Microsoft no longer updates them. I know this can be tempting, especially when the alternative is the awful versions of Windows that have been issued lately. But there comes a point when you have to move on. One of the reasons some don't is because Microsoft has typically charged quite a lot for new versions of operating systems. This, arguably, is another reason for switching to Apple (which doesn't). Not to mention the lower levels of attack on Macs. (If you have a Mac, though, don't fall into the trap of thinking you don't need anti-virus - you do. I'd recommend the free Sophos product.)
Don't let the news of the ransomware be just a pleasant distraction from the election, or a frustration if you are worried about an NHS appointment. Make sure you keep yourself protected too.
I was AMAZED to hear that many computers in the NHS, for example, still run WindowsXP.
ReplyDeleteI gather very few XP computers were actually hit - it was mostly Windows 7, which a lot of large organisations stuck with as they couldn’t stand the new interface. XP tends to still be used where you either have a dedicated processor, for example in an MRI scanner, or a very low power device - I still had it on my old netbook until it died.
Delete