There are three general responses to a data attack like WannaCry. The first is the immediate, “What do we do to stop this and resume operations again,” the second response is a short-term, “What can we do to shore up data security while we recover and look at our strategy” and the third is a long-term, “What permanent changes do we need to make so this never happens again?”
The first and third responses get a lot of airtime, but we’d like to talk about the second response – the short term, immediate action that you can take once you get your business up and running again. These steps are vital to ensuring customers that you have improved your security and preventing aftershock-like malware created by copycats in the wake of a successful attack. Even if your company hasn’t been attacked, if a data attack has made you a little nervous, these short-term steps are a great idea to increase protection and prevent future problems.
Patching Schedule
One of the notable things about WannaCry is that it could have been prevented with the right patches. Microsoft actually provided patches to fix that particularly vulnerability months before the WannaCry ransomware (which targeted Windows computers in networks, especially older versions of Windows). The reason WannaCry was such a huge problem was that companies had just ignored the patch: Not for any good reason – they had just gotten into the habit of never patching their systems.
It’s puzzling because we know some of those organizations had IT departments, but we can’t figure out what they possibly could have been doing. Patching schedules are IT 101, and these businesses flunked out: Fortunately, it’s never too late to check on your own patching schedule and make sure that…well, that it exists. Your organization needs to be aware of when a patch is released and must mandate that the patch is uploaded to all applicable platforms ASAP. For some adaptable companies, continual awareness and automated “as soon as you get them” updates is the best policy. For other companies, it can be more helpful to set up a schedule of checking for updates, such as a weekly or bi-monthly inspection. Either way, have a plan!
Updated Antivirus Software
Antivirus software is in a curious period of evolution at the moment. Older antivirus software looks at DAT files kept on a malware registry, basically a collection of the information about current malware (sort of like matching fingerprints to a criminal database). However, malware moves so quickly these days that some of the DAT files aren’t updated fast enough to catch the latest attacks.
That’s why the newer versions of antivirus software use advanced tracking technology to find actions and data that appear to be DAT files in the making – and warn administrators ahead of time. Obviously, the latter is more effective than the former, so making the switch makes a lot of sense in the wake of an unfortunate data attack (or fear of one).
Employee Training Session
Yep, it’s time: Call all the employees together for a company meeting. Explain the data threat, why it’s a problem, and what employees need to do to protect their devices and company data. Lay out the requirements in a few clear steps that everyone can understand. Communication is very important at this stage, and a forgetful or confused employee can cause a lot of damage. Educate and reiterate to help prevent problems.
Expired Apps
This point is easy, to sum up: If an app is not compatible with the latest version of your operating system, stop using it. Companies simply can’t afford the risk of using apps that fall behind the latest updates (Windows 10 and macOS in their latest versions, for example). In practice, this is a difficult step to take for many companies, but we encourage you to make it part of a strategy. If an operating system has been updated but one of your apps is incompatible, give that app a month or two to come up with a patch. If it doesn’t, drop the app. This makes it far easier to keep up with the latest security methods and vulnerability fixes.
There are plenty of other short-term steps you can take to improve security and make sure your company is ready, including more careful partitioning and server management. If you have any questions about how to create your own strategy for your Washington DC, Northern Virginia & Maryland business, we can help! Contact Nachman Networks at (703) 600-3301 or sales@nachnet.com to learn more!