HOW TO: Protect Your Business From WannaCry (and other nasties)

Unless you’ve had your head under a rock for the last few days, you will have heard about a nasty piece of malware called WannaCry. It took government agencies and businesses large and small hostage over the past weekend.

WannaCry – what is it?

It’s a piece of software that uses a security hole in Windows to install a package that locks you out of your computer until you pay an amount to the perpetrators. It’s called Ransomware, because you have to pay a “ransom” to get back into your computer.

The thing is, while said perpetrators may UNLOCK your computer after you’ve paid the “ransom”, the malware itself is left on there. So in 5 days, or 7 days, or a couple of weeks, the same thing could happen again. You’ll be asked to pay again. And again. And again.

Protecting yourself

So what can you do to avoid having to deal with this invasion, and what can you do to minimise any damage if you do fall victim to it?

It’s important to know that there are people in this world who spend all day, every day, trying to gain access to other people’s computers, their websites, their servers etc. That’s never going to stop. But you can protect yourself.

NEVER click on a link from an email address you don’t trust.

It sounds simple, but you’d be surprised by how many people still fall victim to scam emails by clicking on links they THINK are genuine. A couple of pointers to picking a dodgy email –

  • Do you do business with the purported sender of the email? For example, if you receive an email pretending to be from a bank, do you do business with that bank? If not, it’s a scam.
  • NEVER login to a website by clicking on a link from an email. ALWAYS go to the actual website and login from there.
  • Legitimate emails will more often than not be addressed directly to you using your first name, surname or both. If it isn’t, it’s a scam.

Update, update, update

The WannaCry malware used a security hole in Windows that was patched by Microsoft in an update back in March. If your computer operating system is up to date, you aren’t at risk of WannaCry. Windows XP was only patched over the weekend because SO MANY people are still using it. This may not be the case next time. Seriously, if you’re still using Windows XP, it’s time to buy a new computer. Windows 10 isn’t THAT bad, or you can try a Mac or even a Linux desktop.

Anti-Virus

ALWAYS have an active, up-to-date anti-virus installed. This should be a given for any computer (Windows especially, but also Mac – see here for a recent example of why).

Backup, backup, backup

ALWAYS back up your valuable files. I’m not talking about Dropbox, Google Drive, Box etc. These ARE NOT backup services. If you delete a file from the sync folder on your computer, it gets deleted from those as well. That’s not backing up. We’ve written an article on the minimum way you can back your computer up using built-in software here. We recommend using an off-site backup solution like CrashPlan for extra security though. CrashPlan costs ~$15 per month – small change really – and it means that if you ever do fall victim to a ransomware attack, rather than fork out the coin to get access back (again and again) you can simply roll back to a previous backup. You may lose a day, or even a week’s worth of data, but that will be far less than what you’ll pay to get your access back.

Greater than the sum of their parts

All of these steps are important on their own, but it’s when they’re combined that the whole becomes greater than the sum of its parts. Skip any of these steps and you’re putting yourself at risk unnecessarily.

We hear a lot of people complaining about the cost of such measures. That is, until they fall victim to such a scam and lose everything. A fully managed service that keeps your PCs up to date; backs them up remotely and will restore them if necessary; provides anti-virus monitoring and cleaning if necessary; provides hardware monitoring; and gives you help-desk support will set you back about $110 per month per PC. Chump change when you consider the alternative.
