WannaCry: How can family businesses boost their cyber security?
In the wake of the WannaCry cyber attack which infected 200,000 computers in 150 countries, family businesses are asking how they can best protect themselves.
The Global Family Office Report found 15% of family offices admitted being victims of a cyber-security breach and most hacks resulted in resulted in losses of $50,000 or less. However, one case resulted in the loss of $10 million or more and industry commentators suspected the real number of family offices attacked was far greater.
The report also found some 25% to 45% if family offices either sit on the fence in terms of IT provider satisfaction or describe themselves as dissatisfied.
The shortfall between senior executives realising the growing threat of cyber-crime and taking action to mitigate the risks among British family businesses was spotlighted in the UK Family Business Survey2017 by PwC.
Even though survey respondents said their biggest single challenge over the next five years was the need to continually innovate, only 54% said they had ever discussed digital disruption at board level. Only half recognised the importance of having a digital strategy globally and 37% of next generations said they struggle to get their business to engage on the subject.
Last week's global WannaCry attack was carried out by hackers using software stolen from the NSA. It proved an unexpected coup for Microsoft, with the company seizing the chance to remind customers to update software and upgrade to more recent versions of Windows.
But what else can businesses do to keep their data and reputations safe? Roderick Jones, digital expert and founder of Rubica, gives his tips.
At a conference in Miami, I met a man impervious to online threats. His secret? He barely uses the internet. This man doesn't use online banking, let alone any other online service.
Every transaction is done in-person with his verbal authorisation, and his banker knows that she isn't to make a move unless she sees the man's mouth speak the words. In a digital world, going completely offline is an extreme answer to the problem posed by cyber attacks. There are better ways to manage this:
· Change all of your passwords. Passwords should be longer than 12 characters and have a combination of letters, numbers, and symbols (and spaces, if allowed.) Use a unique password for every site, account and piece of hardware. Never reuse words or phrases in passwords.
· Enable two-factor authentication wherever possible. Especially email accounts and banking/finance sites.
· Backup your data by storing a copy in a secondary location (on physical hardware or in the cloud.) Back-ups should be encrypted whether they are stored locally or in the cloud.
· Enable whole disk encryption to lock down the data on your laptop's hard drive to prevent access by an unauthorized user, if a laptop is lost or stolen.
· Keep software current. Having the latest security software, web browser and operating system is the first line of defense against common viruses, malware and other online threats. If available, turn on automatic updates for your software programs to automatically connect and update to patch vulnerabilities.
· Enable remote wipe capability on laptops to provide the ability to remotely self-destruct the device (wipe data and restore to factory settings) if it is lost or stolen.
· Update your home router's firmware, the software for the router which allows it to function. Firmware should be kept current via updates from the manufacturer.
· Encrypt your home network by changing your Wi-Fi password to something unique. Default passwords on routers are often the same or easily discoverable. Always choose the strongest encryption setting: WPA2/AES.
· Be vigilant of phishing attempts. To ensure it's legitimate, check the sender's email address and hover over hyperlinks (before clicking) to see the associated web address. Also, take the time to think twice about a logo that seems “off,” misspellings and poor grammar, and possibly a misplaced urgency from the sender.