WannaCry? Help for SMEs to protect financial data

Unprecedented success of WannaCry attack exposed major lapses in business, govt towards cybersecurity

GOVERNMENTS and businesses around the world are still reeling from the malicious cyberattack in May this year by "WannaCry", a ransomware worm that has so far impacted an estimated 230,000 computers across 150 countries.

The unprecedented success of the cyberattack has exposed major shortcomings in the current approach of both governments and businesses towards cybersecurity.

Ransomware is a type of malware that encrypts and holds hostage the sensitive, vital and private information of governments, businesses and individuals and requires them to pay a ransom to release their information.

The nature of this ransomware is highly disruptive towards the daily operations of any business, and cloud technology is one way to protect against these attacks.

Cybersecurity for SMEs

Many small and medium-sized enterprises (SMEs) store their business information on their office devices, such as desktops and laptops.

However, many are not regularly backing up their data and don't have dedicated IT support teams to maintain and patch their software.

This makes them particularly vulnerable to cyberattacks, and unfortunately, once attacked many are compelled to give in to the attacker's demands to stop their financial and important information from being deleted or improperly used.

As businesses are becoming increasingly aware of these risks, there is a growing trend towards migrating core financial and computing operations into the cloud.

However, take-up is still relatively slow as there remains resistance to the cloud, based on often misplaced security fears and a lack of understanding about how it works.

Security benefits of the cloud

So how does the cloud operate, and what are the benefits of storing information here? The cloud is very simply the term used to describe software, processing and data storage services provided over the Internet.

Typically, cloud computing resources are located in large data centres managed by world class operators, such as Amazon Web Services (AWS). Global corporations, financial institutions and even governments use the cloud to store and process their information, and to provide services to their customers.

Leading cloud service providers use multiple data centres in several geographic locations. This ensures that service outages are avoided; for example, if one server does happen to go down, others can take its place.

These cloud service providers employ 24/7 cyber and physical security guards, and have teams and technology dedicated to ensuring the security of their services and protecting their customers from cyberattacks.

For an SME, this is usually a more secure and versatile option than storing data in on-premise desktop software.

Beyond cyberattacks, desktop software is also subject to loss - think how easy it is to misplace a USB drive - or physical damage, which could be as simple as spilling a glass of water on your laptop.

Making the most of the cloud

When making the move to the cloud, business owners need to do their research to ensure they're selecting a cloud service provider that meets their needs. This means having multiple copies of their data in different locations to minimise the risk of loss from outages. It is also key to engage providers that have robust security controls, including regular security audits.

Leading cloud providers also offer multi-factor authentication and suspicious login detection as a minimum level of security.

There are also options for business owners to monitor how their employees and approved parties are accessing company data. This includes being able to see when users last logged in and what they accessed, and to control what users are able to access on the company cloud.

It is also essential that businesses address any possible security gaps in their own operating systems. For example, you would never leave your front door unlocked when you leave your home; similarly, businesses need to make sure they are taking all necessary precautions and actions to protect their data.

Staff training is another important but often overlooked aspect of security. Hacking can often happen through employees who haven't been adequately taught how to spot possible attacks. Internet safety training, especially for team members managing sensitive financial information, can support safeguarding the business against cyber threats.

Securing your data

Securing data from cyberattacks is essential for all businesses. As more businesses understand the benefits of the cloud, it is increasingly becoming the most popular way to ensure tighter levels of security for small and big businesses alike.

  • The writer is Managing Director, Asia of Xero.