used with permission from the FTC
by Nat Wood
You’ve probably heard about the ransomware attack affecting organizations’ computer systems around the world. Here’s the best thing your company can do to avoid it: Update your operating system and other software. Now.
The ransomware, known as WannaCry or WannaCrypt, locks you out of your systems until you pay the crooks who installed it. It takes advantage of a security hole in Windows server software that can be closed by an update from Microsoft. Many of the organizations affected by the ransomware had not installed the software update.
If your company uses an older Windows network system no longer supported by Microsoft, you may not have been prompted to download security updates, but they’re available from Microsoft’s site.
Whether you manage a network or only have one computer, you should download security updates as soon as they are available — no matter what operating system you use. Hackers are constantly looking for security gaps, and companies try to close those gaps as soon as they are discovered. So it’s important to download updates right away. Most operating systems have a setting to download and install security updates automatically. Use it. And install updates for your other software, including apps.
If you use old software that doesn’t update automatically, set up a regular schedule to go to the company’s website and download and install updates yourself — at least weekly.
In addition to keeping software up-to-date, here are a couple of other things you can do to prepare for a ransomware attack:
- Back up your important files. From tax forms to planning documents, make it part of your routine to back up files often on your computers and mobile devices. When you’re done, log out of the cloud and unplug external hard drives so hackers can’t encrypt and lock your back-ups, too.
- Think twice before clicking on links or downloading attachments and apps. Ransomware often is downloaded through phishing emails. You also can get ransomware from visiting a compromised site or through malicious online ads.