JFSC issues guidance after WannaCry cyber-attack
Chris Hamblin, Editor, London, 17 May 2017
The WannaCry worm is causing damage to IT systems all over the world; Jersey's regulator is but one of many that have issued warnings about it to financial firms.
Microsoft has a patch for the problem already. The Jersey Financial Services Commission, for its part, is aware of the recent ransomware campaign relating to version 2 of the “WannaCry” malware which experts are describing as “the biggest ransomware outbreak in history” because it has claimed more than 200,000 victims in more than 150 countries.
The JFSC has been working over the weekend to assess the threat, further reviewing its own systems’ security measures, while liaising with partner organisations and using intelligence to constantly assess the risk posed. The JFSC has been informed of further variants of the malware entering circulation, distributed by phishing emails. Companies, it says, can undertake the following simple steps to help protect their organisation.
- Keep your organisation's security software patches up-to-date.
- Use proper anti-virus software services.
- Most importantly for ransomware, back up the data that matters to you and test the back-ups. You should then be able to recover your data without having to pay a ransom.
- Do not download files or programmes from unknown websites or sources. Even if you know the source, get authorisation from your IT department before downloading software to the company network.
- Think before you click; exert extreme caution regarding emails, links or untrustworthy websites that may allow dangerous viruses or malware onto the network.
- Report but do not forward any suspicious emails.
- Avoid attachments, as viruses can be embedded in files. Take extra care when opening these files and only open them if you know they are genuine.
- Report anything suspicious, whether it is an email, link or website.
- Phishing emails are designed to look like authentic messages to lure you into clicking them. Trust your instincts. If an email seems suspicious or isn’t quite right, even if it’s from someone you know, do not open it and report it instead.
- Accidents happen - if you do open an email or click a link you think is suspicious, inform your security team or IT immediately.
- Be alert. Think before you click.