Author: Aaron White, Date: 19th May 2017
Unless you have been totally disconnected from the world the last few days, you have heard about the WannaCry ransomware attack that has been spreading around the world. This attack is being dubbed by some as the precursor to a larger, more focused attack once the extent of the vulnerability is revealed.
Those primarily affected are running unsupported systems like Windows XP, pirated or illegal copies of Windows, and those not staying current on operating system patches.
What is the right response to WannaCry? What should your IT team be doing?
In the wake of the news of the WannaCry ransomware attack, the cyber-security professionals of eSOZO Computer and Network Services went immediately to work.
While we believed that the workstations and servers we support had been patched appropriately to protect against the WannaCry attack, we still took the time to review all of the workstations and servers we support to determine if there are any that may have been missing the patches needed.
Beyond this immediate response, we also proactively surveyed the security of our internal network to protect the resources we depend on in delivering IT services to you.
Here’s a checklist that your IT support provider SHOULD be doing.
- Actively monitoring all security fixes and patches for Microsoft, Adobe, and other major software packages commonly used and applying them as soon as possible.
This can be frustrating to end users when their workstations interrupt their work by restarting or operating slowly, but it is a critical part of staying safe in today’s technology-infused world.
- Eliminating unsupported operating systems and software wherever possible.
The cost of continually upgrading and replacing workstations and servers can feel like an unnecessary drain on company resources. WannaCry – and similar attacks – are the reason why eSOZO Computer and Network Services IT consultants talk regularly with our clients about replacing unsupported hardware.
The Windows 10 operating system was not affected at all by this attack. Staying current on operating systems and other software is a critical part of staying safe in today’s world.
- Segregating your private network from your guest network.
Over the last year, the eSOZO Computer and Network Services team has been more forcefully recommending the creation of separate networks for guest workstations and employee-owned equipment. This has felt inconvenient to many, and in some ways, it is. Again, attacks like WannaCry are the reason why we recommend this change.
eSOZO Computer and Network Services works actively to keep our client’s equipment patched and up-to-date. But we cannot do the same for equipment we do not support. By providing a separate network for non-company owned equipment, we can provide the Internet connection needed without endangering the company’s valuable assets.
These are just some of the proactive steps we take to help secure the networks we support. But cyber security is a team effort. We cannot do this on our own.
What can you do to help in the process of securing your company against cyber crime?
eSOZO Computer and Network Services IT consultants recommend that the primary contact for your company meet regularly with your IT support team to discuss and plan the technology for the company. This will give you the clearest picture of what is being done with the company’s technology.
Armed with a high-level picture of your company’s IT strategy, you will be able to:
- Be an advocate for proactive technology practices in your company.
- Ask questions. Of your IT support team – so you feel comfortable with the direction of your business technology. Of your coworkers, so you know what’s happening with the technology in the rest of your company.
- Share information from the Strategic Business Reviews with others, and encouraging them to be involved in the process.
- Encourage technology training and awareness for all members of your staff. WannaCry and similar attacks begin by someone clicking on something they should not. Education and awareness can often be just as important as up-to-date systems.
Whether you like it or not, technology has become an integral part of our daily lives. Properly cared for, it can be a valuable asset. But when ignored, it can be an ugly beast that can lay waste to the business.
eSOZO Computer and Network Services is proactively working to secure and maintain the networks of our clients, and we encourage our clients to take an active role in their own IT and to implement common sense cyber-security policies.
How has YOUR current IT support team responded to the WannaCry threat? Have they been efficient, informative, and communicative? Maybe it’s time for a change.
Bonus Info! – Here are some articles that we looked at as we researched this latest WannaCry threat. Take a look!
- ESET: https://www.welivesecurity.com/2017/05/13/wanna-cryptor-ransomware-outbreak/
- Symantec: https://www.symantec.com/connect/blogs/what-you-need-know-about-wannacry-ransomware
- Microsoft: https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
- Times Now: http://www.timesnow.tv/technology-science/article/india-windows-piracy-wannacry-ransomware-rbi-atm/61104
- CNN: http://money.cnn.com/2017/05/14/technology/global-cyberattack-explanation/
- CNET: https://www.cnet.com/news/wannacry-wannacrypt-uiwix-ransomware-everything-you-need-to-know/