It’s likely that both of these health organisations fell victim to cyber-attacks because of the sensitive information they hold. Hackers know that patient information is sensitive and that under no circumstances will health officials want it leaked, meaning that these organisations are more likely to pay a ransom.
How do hackers get into a system?
As technology advances and becomes more efficient, so do cyber criminals. There has been no official confirmation on how hackers were able to access the HSE systems, but we do know there are numerous ways hackers can enter a system. The most common are:
The Windows system has not been upgraded. Hackers rely on outdated software as a potential method of gaining access to a company's security information.
A VPN is not being used while using an internal network. A VPN works by replacing your business's IP address with the server's IP address when online, meaning that your personal data cannot be seen online.
The company is not using a firewall. A firewall creates a barrier between a trusted and an untrusted network, potentially blocking malicious sites.
Human error. Many cyber scams, such as phishing, rely on human error to work, e.g. an employee opens an email that looks legitimate and downloads content that’s included in the email. The hacker then uses this as an entry point to the system.
How can I protect my business?
It's essential to apply security best practices to minimise your risk of falling victim to ransomware:
Enlist the help of a security/IT Specialist
Install anti-malware software
Use anti-virus software to scan your computer and find the ransomware program
Use a cyber security system that includes a firewall and operates in real time
Filter emails to avoid clicking on a potentially dangerous email or link
Limit company access to confidential or sensitive information
Use multi-factor authentication to make your account as secure as possible
Create secure backups and test on a regular basis
Do not install software or give it administrative privileges unless you are 100% sure it’s legitimate.
Ensure everyone in the company is aware of what to do if they think they may have clicked on a potentially malicious site or link
Provide mandatory company training to create awareness of cyber hacks and best practices when working online.