Failure to carry out regular IT systems updates leaves you vulnerable to attack.
At ASL, we have worked with UK SMEs for the last 20 years, advising on business continuity and disaster recovery solutions that keep critical data safe from cyber-attack.
Today, more and more businesses are being impacted by ransomware attacks, and protecting from data loss has become a priority that can no longer be ignored. If you can’t remember the last time you installed a systems update or did any patching, you could be making yourself vulnerable to viruses or a ransomware attack. If you think it’s unlikely to happen or you just don’t have time, then think back to the recent disaster suffered by the NHS.
Don’t get caught out by a ransomware attack – The NHS was affected by Wana Decryptor 2.0, which locks users out of their devices and data. All data was then encrypted and a ransom demanded for unlocking it, with the decryption key coming via the Tor Network.
Overcoming the problem – One option is to pay the ransom, but this could be extremely expensive. Another involves the rebuilding of the infected server(s), also costly, however, ransomware can be effectively neutralised with the use of Rapid Recovery, (formerly known as AppAssure). Read more for further information on how it’s possible to be fully restored in hours after such an attack.
Taking care in the future – While presently, Wana Decryptor 2.0 is not known to be distributed via email, it is very likely this could become possible. All users should therefore be extremely cautious when opening any e-mail attachments. E-mail attachments should ONLY be opened if you are confident of the source – ASL recommend the reinforcement of this message to all your staff.
What can you do to protect yourself from a ransomware attack?
At ASL, our advice is to immediately address the installation of the latest updates for your systems and packages. Updates and patching should cover all IT hardware and software including:
- PC / Laptops
- Mobile Phones
More specifically, if you have any computers on your network that are running Windows Server 2008, 2003 or Windows XP, you should run a Windows Update and install all outstanding updates immediately. It was the lack of attention to the installation of updates on the NHS’s older operating systems, that led to their vulnerabilities being exploited.
At ASL we can keep you safe from attack, we recommend:
Implementing an update/patching policy
If you don’t currently have an update/patching policy, we advise that:
- all PCs/laptops/terminal servers are set to Automatic Updates and Windows Updates installed every day
- all mobile phones should be updated to their latest firmware as and when released
- all other devices should also be updated to their latest firmware at regular intervals
Virtual host server updates
Servers, particularly virtual hosts, are more complicated and require scheduled maintenance. At ASL, we recommend a Quarterly Patching Contract (QPC) to ensure regular maintenance and up to date patching that doesn’t cause any disruption to your business. This service can be extended to include servers/switches/firewalls and any other devices that you may have.
Other software, such as Microsoft SQL Server, Microsoft Exchange, etc. should also be updated to the latest Cumulative Update or Service Pack. We can offer a review of this and add it to a QPC if so desired.
All your relevant devices should have the latest versions of anti-virus software installed. If you are not sure about which anti-virus solution would be the most suitable for your business, ASL’s experts can help with any information you may need.
To discuss QPCs, systems updates and patching to protect your business from a ransomware attack, call us on 0345 862 0350.