May 18, 2017
WannaCry virus: What retailers need to know
Around the world last week, 200,000 users in 150 countries found their computers inoperable, held hostage with ransomware called WannaCry. The virus locked users’ computers unless they paid hackers $300 in bitcoin, an online currency. While the spread of the virus seems to have slowed due to some of its flaws, it managed to hit hospitals in England as well as thousands of other users across Europe, Asia and the United States.
When a virus like this makes the news, it’s important for businesses and individuals to take a look at how they’re protected against such attacks. With sensitive customer information and financial data at stake, retailers in particular need to be on guard. Thanks to the industry push toward EMV and PCI compliance in the last few years, most retailers have made data security a top priority.
As you remain vigilant in protecting your systems and your stores, it’s important to stay ahead of the next virus. In light of the latest ransomware attack, the cybersecurity experts at Coalfire have assembled a primer on the steps you should take to protect your systems. Among their tips is a list of controls to put in place to ward off future attacks, including:
- Automatic and timely operating system updates on user workstations
- Good endpoint security and malware tools, especially those built to detect ransomware
- Efficient email monitoring tools that can detect and block malicious attachments (especially password-protected attachments)
- Automated (and periodically tested) data backup systems, which allow organizations to revert to a ransomware-free system
- A configuration management program that ensures systems run the least amount of functionality needed for business purposes
- Architecture design that ensures network traffic to and from critical systems, including user workstations, is restricted to only that required for the system’s function
- Cybersecurity awareness training that discusses phishing and ransomware as part of the organization’s evolving culture
For retailers, it’s crucial to have tight controls like these in place. Your customers’ data and your infrastructure are too important to your business not to. When you’re managing multiple systems across hundreds or thousands of stores, keeping your infrastructure updated and protected is a challenge. Consider these points as you review your systems and confirm your security measures:
- Work with your technology vendors to update system security tools regularly.
- Ensure each system in each store is upgraded to its latest software version.
- Investigate technologies that provide multilayer security and integrate all your systems and devices to simplify and centralize device management.
Invasive viruses like WannaCry can not only put your data at risk but also cripple your infrastructure, rendering your stores inoperable and costing you millions of dollars. Take the time to take stock of your security measures and ensure you – and your customers – are protected.