Over the weekend, an estimated 300,000 PCs in 150 countries were infected by the WannaCry “ransomware.” It was the fastest-spreading cyber-attack in history, affecting as many as 9000 machines per hour. While experts around the globe continue to dissect the attack and determine the underlying motive, now is a great time to ensure your business has a solid security posture.
First things first: The threat is not over — according to experts, another large-scale attack is possible. You should:
- Send a communication to end users warning them of the threat and telling them NOT to click on suspicious emails (this can be done quickly to get the word out). Users should NOT open any attachments they are not expecting to receive.
- Install MS17-010: It is critical that you install all available OS updates to prevent exploitation of the MS17-010 vulnerability. The MS17-010 fix was issued by Microsoft in March 2017, so machines that received the March update with MS17-010 are fixed.
- Install the emergency Windows patch for older systems: Microsoft issued a one-off security fix for three operating systems that are no longer in support: Windows XP, Windows Server 2003 and Windows 8. Go to the Microsoft Update Catalog to find the corresponding security update, add it to the basket and download it.
- Add a notification sentence to each inbound email from external sources that warns the user this is an “Email from External Source.” This serves to heighten user awareness when opening emails and can be set by your email server administrator.
Best Practices Going Forward:
- Be hyper-aware of suspicious emails. Educate your staff on basic security dos and don’ts. Host a workshop that covers security fundamentals. We have found them to be beneficial for our team.
- Have a solid patching strategy. Those pesky Microsoft updates happen for a reason! At the enterprise level, we’ve helped businesses implement an organization-wide patching process that happens automatically and, more importantly, without impacting users' work day.
- Review your data back-up strategy and recovery plans, including segregation of back-up copies from local networks, criticality of systems and data, and recovery processes. Make sure you test your recovery strategy at least once a year.
- Review or implement a security incident response plan to ensure everyone in the organization understands their roles and responsibilities, as well as the expectations of remediation timeframes associated with the threat score.
- Determine your risk. Have you assessed your systems and security protocols? Understanding your level of risk exposure can help you be prepared to respond and recover in the event you’re affected by a cyber-attack.
Cyber-attacks are the unfortunate norm in today’s business climate. Contact us if our team can be of assistance in helping address any of your security needs.