It would be risky to shrug off the latest cyber attack, dubbed “WannaCry,” as just another sign of problems we must accept in our digital age.

Indeed, violations of computer systems are entirely too common, from recurring hacks on businesses that expose customers’ private information to “ransomware” like WannaCry in which computer files of an individual, a business or an agency are held hostage until payments are made. Even Hollywood movies such as “Pirates of the Caribbean” have been stolen before their release with the studios forced to pay ransom to keep the crooks from releasing the movie to the internet.

But such attacks do not and should not be accepted as routine or unavoidable. Individuals, businesses and governments must all do more to protect their systems.

The WannaCry attack was startling for its global reach and the speed in which it spread. And it showed how potentially dangerous such attacks could be. Hospitals were among the targets, leading to surgeries and other treatments having to be cancelled. It’s not hard to imagine possible injuries or deaths that could occur if electrical grids, airline controls or other critical systems were attacked.

The latest attack was made possible, in part, because the hackers found a flaw in Microsoft that had already been discovered by the NSA. Intelligence agencies collect security flaws they discover and use them to do surveillance on unfriendly governments or terrorist groups. While the flaws are often not disclosed to anyone, in this case some NSA sources say the agency did notify Microsoft about the flaw. The company created a patch to fix the problem but many businesses and agencies around the world either didn’t apply the update or didn’t apply it fully and correctly.

The policies used by intelligence agencies regarding security flaws need to be examined. Intelligence officials say collecting security flaws and sometimes keeping the information secret is a vital tool in helping them track terrorists. Others argue holding information about flaws needlessly risks computer systems across the country and the world. Congress should find a better way to allow intelligence agencies to use some truly valuable information about security flaws to thwart terrorism dangers while leaning toward a policy that more quickly alerts companies such as Microsoft to flaws in their systems.

More importantly, the ongoing hacks and attacks should push individuals, businesses and public agencies to do a better job of updating security, change passwords more frequently, back up system information and be much more suspicious before clicking on links in emails. As it is now, we are all making it too easy for the bad guys.

— Mankato Free Press, May 22