While the immediate threat of cyber-carnage in the wake of the WannaCry attack has been averted, South African SMBs are in the firing line of the next global malware outbreak.
That’s the view of Craig Jones, chief technology officer of technology and digital empowerment company Curve Technology Group.
“We may have dodged a bullet with the chance discovery of WannaCry’s ‘kill switch’, but the very reasons that WannaCry was able to strike in the first place are still very much in play,” says Jones.
“Nowhere is that more evident than right here at home, in small business offices around the country where older, redundant computers remain the mainstay of South African SMEs,” says Jones.
“Unlike medium and larger corporates that generally move with the times, smaller companies see IT as a necessary cost rather than a competitive advantage, and their lack of investment in IT leaves them open to the very attacks that could cost them much more in the long run.”
Managed service providers like Curve Technology Group ensure their clients’ critical business systems always run on the latest operating systems, and that these systems are protected both by third party anti-virus and anti-malware software and regular security patches from Microsoft and other key software vendors.
“Malware – or ‘ransomware’ like WannaCry that tries to extort money from infected users – relies on security holes in older operating systems like Windows XP,” says Jones. “Once they’ve taken control a vulnerable system, they’re free to replicate and infect other systems connected to the infected computers, even if they’re running other, newer versions of Windows or different operating systems altogether. So just because you’re on a newer system doesn’t mean you’re out of the woods.”
Jones suggests SMEs with older machines take care to protect themselves from attack by following a few simple guidelines.
“First, regardless of your operating system, make sure you activate automatic updates or – in the case of unsupported operating systems like Windows XP – download and install the latest security patches on a regular basis,” he says.
“Second, always use reputable and updated anti-virus and anti-malware software as a first line of defense, and activate any anti-malware firewalls on your email accounts using the configuration panel from your ISP. Also, make sure you make regular backups of your critical data, and keep it offsite. Backing up to the cloud is not a backup because infected files synced to the cloud quickly infect the synced files as well.”
Even with the right defenses in place, many malware attacks are the direct result of human error or, more likely, ignorance.
“Most users, especially small business users that don’t have the backing of an IT department or dedicated IT consultants, are unaware of the basic workings of their computers, let alone the complex software settings that, left unchecked, leave the door wide open,” says Jones.
“The bottom line is this – if you’re not quite sure what you need to do to protect yourself from malware attacks, ask someone that does. Maintaining a secure business system doesn’t have to be an expensive exercise, even for a small business, and certainly nowhere near as expensive as the damage caused by a malware attack.”