The WannaCry cyber attack on the NHS is all over the news today. There’s pretty sharp criticism for the NHS failing to ‘do the basics’ to protect themselves. But what are the fabled basics and why are we all so blissfully ignorant and equally negligent.

by Rachel Hudson, XQ Cyber

First some facts in plain English:

  • What was WannaCry?: nasty software that infected NHS computers across the country and by taking control of the devices was able to freeze the screen and demand a ransom from the user to unlock it.
  • What damage did it do?: basically, staff couldn’t operate any of the machines affected.  In total, 81 English health trusts were affected leading to the cancellation of an estimated 19,494 medical appointments, including 139 potential cancer referrals.
  • How did it get into the computers?: in the most basic terms, the malicious software (malware) automatically went looking for parts of software that hadn’t been updated and therefore had holes in it – aka vulnerabilities.  Think of it as an open window that a burglar climbs through.

Relatively, the NHS does a pretty good job of taking its cyber security seriously and has been ploughing resource into tackling the problem for some time.  Yes they have vulnerabilities, but so does every single other personal computer, business, organisation and institution in the world – and always will.

There is no such thing as being 100% protected. The reality is that hackers are becoming increasingly creative, technology is advancing exponentially and we never know from where and how and why the next attack is coming.

The very best thing that ALL of us can do – including the NHS – is take precautions, get the basics right and invest in security protection that is proportionate to the value of our assets.

So what are the Basics??

Well, pretty simple actually.

Here are three things will massively reduce your risk:

  • Don’t use unsupported software: for example, if you’ve still got XP it’s not being supported any longer – it will be full of vulnerabilities.  Update to a current version of your preferred software that is being actively maintained by the provider.
  • Patching: every time a software company pushes out an update it will include ‘patches’ that fix-up any vulnerabilities in the system.  This is actively keeping your device protected. Don’t ignore those alerts to ‘update your software’ (however irritating they are) – they matter!
  • Passwords: a typical password is a short combination of letters and numbers that any basic hacking software can crack in minutes or even seconds; it’s basic maths and the speed with which a computer can race through combinations of letters and numbers.  However, use a passphrase instead and it will likely take a million years for the password cracker to get it – if ever.  Phrases are just random collection of words.  For example: ‘sticky lemon pickles’, or ‘bring me sausage rolls’. You get the idea.

Cyber security is a real and present danger to all of us – not least because the world is full of bored hackers who like the cheap notoriety of pulling a stunt.
At the least it might mess up your day and at worst it can shut down entire organisations and businesses frighteningly quickly.
So get the basics and stay safe.

More help and tools you can use: