Skip to main content

Preparing staff messaging around WannaCrypt/WCry

In the spirit of my ongoing InfoSec openness, here's the messaging I've prepared around our Group's education and call to action around WannaCrypt:

****

Team,

Many of you will have read about last week’s Global cyber attack that caused a number of organisations to be seriously impacted including the National Health Service in the UK and Telefonica in Spain. Over 70 countries were affected in total.

The attack took the form of ‘ransomware’ that caused computer-held files to be made unreadable (encrypted) unless a payment was made to the attackers via the 'Bitcoin' online currency.

Currently we have no reports of any impact to Group services or systems from this attack.

The attack relied upon a combination of malicious software being run, poor IT configuration practices, and the exploit of older, unpatched/out-of-support systems such as Windows XP and 2003.

The Group have a large and complex IT infrastructure that is continually being improved, strengthened and made more secure. The Group Security Team has been working across our brands to ensure this effort gains pace in an ever-increasing threat landscape.

I would ask that each of you please continue your already-brilliant support to the Group’s cyber defences by following these four simple best practices:

  • Be vigilant when opening unsolicited emails, and avoid opening or saving any related attachments unless certain of their trusted origin;
  • Avoid plugging personal or other USB storage devices into Group computer systems unless they have been recently scanned for malware and viruses by using an up-to-date security product;
  • Avoid downloading and running software from the Internet to your workstations unless part of your normal Group role;
  • Immediately report suspicious activity you witness on any computer system that you suspect may be under attack to [internal email address redacted] Unusual activity can include windows appearing and then vanishing spontaneously, the keyboard appearing to type by itself onscreen, or unusual flickering of your computer display.
The Group Security Team [internal email address redacted] are here to support and answer any questions you may have about the attack or any other aspect of security. We are based on the 1st floor of the Southwark, UK office, and I can be reached via Slack (@anders).

Thank you for your time, interest and ongoing support.

--

Best regards,

Anders

***

Photobox Group CISO, Dinis Cruz, has also posted his own advisory to our Group Tech teams.

Comments

Popular posts from this blog

Designing a GDPR-compliant consent workflow for eCommerce

It's been quite a journey for me, to date, as I find my way along the twisty path that is understanding GDPR.

Through attempting to better understand what 'compliance' for the Photobox Group looks like, and in a renewed attempt to better understand its likely impact upon us, something I've found hard to find are good examples of 'GDPR compliant' user interfaces for eCommerce around the provision of user consent.

Ultimately we need to ensure that for each and every GDPR-relevant interaction our brands have with our customer's data, we have their appropriate consent.

The question is, how granular the explicit Opt-In requirements need to be?

The ICO does a good job of publishing high-level 'consent guidelines' as below:
Explicit consent requires a very clear and specific statement of consent. Keep your consent requests separate from other terms and conditions.Be specific and granular. Vague or blanket consent is not enough.Name any third parties who wi…

My first month as a CEO...in numbers

It's been a busy few months as I moved from a wonderful few years spent with the Photobox Group to becoming Chief Executive for Conosco.

Playing to my 'purple' nature, here are some simple numbers to tell the tale of my first month as a CEO:
1 - organisational restructure0 - resulting redundancies4 - new members appointed to a newly-created Leadership Team spanning the UK and South Africa1 - tailored leadership skills course completed by the new Leadership Team20 - minutes that each leadership team member was asked by me to spend completing a self-analysis questionnaire~0 - the number of cynics asked to engage with the exercise1 professional lifetime - the time that the positive impact the individual questionnaire results that were presented to them will last on each of them (ask them, they agree.)62 minutes - the time it took us to escape from 'Escape Rooms' in London32 - the floor we ate lunch at in the Shard where we celebrated our offsite as a new Leadership te…

The 'Big Five' behaviours - Building and maintaining a values-led business culture

Business culture is a topic that I frequently see popping up on my LinkedIn feed, and something I'm deeply passionate about.

Many of us have read the famous Netflix slide deck that describes their own business culture, and even last night whilst digesting the day's technology news I read an analysis of Bezos' meeting culture in a digital broadsheet.

For my business - Conosco - the culture I joined and the culture I knew that I would be proud to lead and be associated with, have maintained a high position in my everyday thoughts whether on my morning drive to work, walking through the streets of London at lunchtime or sitting with my young children as they fall asleep at night after their bedtime story.

Having just spent a week with our teams based in South Africa, it's become ever more apparent to me that a relatively small number of leadership values and habits can help to drive what I feel are the most valuable team member behaviours to support our business culture.