The IT topic on everyone’s lips at the moment is the NHS ransomware problem – ‘WannaCry’.
Last week, hospital systems across the country ground to a halt, as well as up to 200,000 machines worldwide in organisations like Telefonica, Renault and the Russian Interior Ministry, in the face of ransom demands. The ransomware attack succeeded as a result of poorly-managed, unpatched IT systems, using an exploit allegedly stolen from the NSA.
If you were running the latest Microsoft Operating System – Windows 10 – then you have not been targetted.
The EJC Response
Any EJC clients on our Level 1, 2 or 3 Service Plans receive automated maintenance and patch management.
This means we automatically apply the most important updates on a regular basis and report on potential exceptions.
Following the attack on Friday we reviewed all our clients’ computers.
We were already aware of a few computers that were runing legacy software for which Microsoft released a patch over the weekend. Beyoned those, our review higlighted a couple more machines across our entire client base that had also not received the updates. In all cases, this was because these machines had been turned off for a long period of time.
This proactive management approach allows us to reach out to those people who might have ‘at risk’ machines and quickly remove any remaining vulnerability.
What can we learn?
1. It’s critical to keep systems and applications updated – and this should be as automatic as possible, and monitored by someone who understands what is going on.
2. Proper antivirus software services – which must be kept updated – should be installed and active on every computer.
3. Your data should be backed-up – regularly and automatically – including, to a device that is inaccessible from your network. You can’t be held to ransom for data that you still have!
4. Understand what you’re opening: everyone at your company should understand how to recognise dangerous files and spoofed emails.
5. Consider using an advanced email security and protection system such as Mimecast Email Management or Microsoft Office 365 Advanced Threat Protection to help prevent future attacks.
What to do next?
If you are concerned about your business, or would like to discuss things further: