Organisations around the world fell victim to the WannaCry ransomware attacks in 2017, the largest of their kind to-date with more than 200,000 computers in 150 countries affected.

The incident spotlighted the important role the insurance industry plays during wide-scale cyber attacks - as the attacks spread, brokers, insurers and Third Party Administrators (TPA) played a key role keeping clients up to date and educating them on how to respond.

With the rapid growth of cyber insurance, which is expected to increase in the wake of the WannaCry attacks, insurers are increasingly being relied on for advice on preventing cyber attacks, and guidance when incidents occur.

Below we run through the basics of how to protect a business against ransomware attacks, as well as how to educate staff about cyber risk and security.

Ransomware basics – what is it and how do you protect your business?

Ransomware is a term that describes a type of malicious software that uses advanced encryption to block access to data on a computer, and then demands money to restore access (hence 'ransom').

WannaCry, for example, searches a computer for 176 different file types and encrypts them. A pop up then appears, asking users to pay a ransom of US$300 in bitcoins to unlock their files. The note indicates that if payment is not made within seven days, the encrypted files will be deleted.

Although WannaCry spread more rapidly than previous attacks, the types of vulnerability it exploited are not new, and would be protected against by a robust corporate security program.

Any corporate security program should include, at minimum, four fundamental elements which can prevent ransomware attacks:

1. Scheduled Patching: Microsoft and other providers regularly push out updates to protect users against threats like WannaCry, but for these to be effective you must keep your system up to date. One of the ways WannaCry spread so widely was by exploiting unpatched vulnerabilities in Windows XP, which is no longer supported by Microsoft. It’s important that organisations regularly update their software to supported versions, and maintain a regular schedule of implementing the latest security patches .
2. Perimeter Firewalls: A firewall is a set of programs that monitors access to a network and protects against unauthorised access. It’s the gatekeeper that prevents malware and viruses from infecting a network.
3. Email Security: Email filters aren’t just designed to block spam – email is the main way ransomware spreads, so a robust email filtering system should be in place to prevent malicious attachments from reaching employees.
4. Regular Backups: The extent to which ransomware attacks can hurt your business depends largely on how reliant you are on the data stored on your network. Having an up-to-date backup can mitigate most of the risk. Run regular backups and make sure these are stored securely, isolated from your network.

Education – the best form of prevention

The most vulnerable point in any network is its human users. While you can install firewalls, filters and anti-virus software on every other component of your network, education about online safety is the only way to make the human element of your network secure.

The most effective thing organisations can do is create a security culture, where staff understand the threat, can spot the danger signs and know to report anything that looks suspicious.

A good starting point is to educate staff about the the warning signs of a malicious email. This encourages vigilance, and also addresses once of your greatest points of vulnerability. Some common signs to look out for include:

1. The email states that "urgent action" is required - this is designed to alarm staff into taking action without thinking it through thoroughly.
2. The "From" email address is not quite right. It may be very similar to the company address, but slightly different.
3. The email includes a link to a website that may look like the real thing, but is fake. If you look in the address bar, it will not show the correct web address. For example, you might see the Google homepage, but the address bar will read: www.gooogle.com, not www.google.com
4. The email message may contain very poor spelling and/or grammar.
5. The email message asks you for personal information. For example: your bank would likely never call you and ask for your bank account number.

A good corporate education program should also teach staff how to manage a suspicious email, how to handle inbound attachments and how to check a link is safe to click on.

To help, we’ve prepared an infographic poster you can use to educate staff about cyber security.

Choose the right partners

Although WannaCry has been the largest ransomware attack to date, experts predict that the frequency and severity of this type of attack will continue to escalate.

Cyber attacks move quickly, so speed of response is vital to minimise loss when incidents occur, so it’s important to partner with organisations who understand the issues and are ready to respond.

GB was recently awarded ISO27001 certification for its outstanding information security practices for the fourth consecutive year, and works closely with insurers, brokers and underwriters to provide comprehensive claims management services for all classes of insurance, including cyber.

For more information about our claims management services contact Gallagher Bassett.