While the recent cyber attack on the NHS did not affect patient data, it has served as a reminder as to how important it is to keep people's personal data safe and secure.
Like a computer virus, ransomware often enters an organisation’s network as an attachment to an email. The content of the email might request the recipient take a specific action or to “act quickly” such as paying an invoice, and direct them to open the attachment. The attachment will then take advantage of any vulnerability in the operating system or other installed software (such as a word processor) and this could start the encryption process.
The Information Commissioner's Office (ICO) has published a useful blog on its website about how to prevent ransomware attacks and highlights that there are other methods by which ransomeware can be delivered, such as via remote access and remote control applications.
The ICO blog details a 'Prevention' checklist which includes:
The ICO also provides details of steps you can take for data recovery should you fall victim.
You can read the full blog here.