Four Lessons from the recent ransomware attack

What can computer users and small businesses learn from the recent widespread ransomware attack?

One: Back up everything regularly! This is the most important lesson. Ransomware and most computer attacks destroy the information on your computer. If you have a good current backup of everything the worst you will lose is a little time as you reinitialize your computer and restore your data.

Most recent computers come with a CD, USB device or boot option to reset the machine back to the way it was when you first bought it. From there just run the restore option for your backup system. For Windows users doing manual backups you may have to first install any software you had installed, then restore your files.

Two: Patch your operating system. Every operating system, whether Microsoft Windows, Macintosh OSX or any distribution of Linux, receives regular security and bug-fix updates from the publisher. Check to be sure that your system is set to receive those updates automatically and that the feature is actually working (check your update history). In this latest attack Microsoft had already released a fix for the flaw being exploited, so the only machines affected where those that didn’t have the patch applied.

Some people like to wait to apply patches. They may fear that the automatic updates may introduce unintended problems or just like to feel in control. That was a legitimate concern at one time, and it’s reasonable for large organizations with big IT staffs to test and distribute updates. But for the rest of us the risk has become too great. You need the operating system updates, at least the security updates, as soon as they’re available.

Three: Don’t run unsupported operating systems unless you really need to. In practice that means update or replace any computer running Windows XP, Windows Vista or Windows 8. Unsupported means they don’t receive updates and you generally can’t get any support from the publisher. But it doesn’t mean they’re immune from newly discovered or newly exploited security flaws.

The only reason to run these older systems is if you have older software or hardware that won’t run with newer systems. If that’s the case you should at least be aware of the risks. Take extra precautions and don’t use the older machines for general-purpose computing. Only use them for the needed functionality.

Four: Use antivirus and antimalware software. Some products are better than others but the best system is one that is recently updated and running. For most users the free software included with Windows, such as Windows Defender, is adequate for virus protection. You can supplement your protection with a malware product such as Malwarebytes. Again the key is to make sure it’s up to date and used. Pay attention to the status icon(s) for your security software. If it gets turned off without your knowledge you may have a problem, or it may just be a one-time glitch, but you need to turn it back on and run a scan ASAP.

The bottom line: It pays to take precautions but eventually we all get stung by an attack, a scam, or simple hardware failure. Planning for recovery in advance makes it much less stressful, and potentially much less costly, when things eventually go wrong.