While the recent cyber attack on the NHS did not affect patient data, it has served as a reminder as to how important it is to keep people's personal data safe and secure. 

Like a computer virus, ransomware often enters an organisation’s network as an attachment to an email. The content of the email might request the recipient take a specific action or to “act quickly” such as paying an invoice, and direct them to open the attachment. The attachment will then take advantage of any vulnerability in the operating system or other installed software (such as a word processor) and this could start the encryption process.

The Information Commissioner's Office (ICO) has published a useful blog on its website about how to prevent ransomware attacks and highlights that there are other methods by which ransomeware can be delivered, such as via remote access and remote control applications. 

The ICO blog details a 'Prevention' checklist which includes:

• Ensure all of your devices have the latest necessary security patches
• Remove unnecessary user accounts (such as guest and unnecessary administrator accounts) and restrict user privileges to only what is necessary
• Remove or disable unnecessary software to reduce the number of potential routes of entry available to ransomware
• Segment your network so that if an attack does take place the damage you suffer is limited
• Importantly, your back-ups need to be protected from also being encrypted – make sure you have an offline and offsite back-up
• Train your staff to recognise a ransomware attack if it does manage to get past your anti-malware protection

The ICO also provides details of steps you can take for data recovery should you fall victim.

You can read the full blog here.