Money Matters Practice Management How secure is my IT?
How secure is my IT?
Print E-mail

 

 

 

The WannaCry ransomware virus that made the news recently is a timely reminder that businesses cannot take security for granted. The only reason why this incident made the news around the globe was because of high profile institutions such as England's NHS being severely affected. The virus exploited a known security hole that Microsoft patched in March 17. The root cause is failing to install updates and patches as they become available. 

There are tips you can use to minimise the risk of 27062017-IT-securityinfection or your system being compromised. 

1) Deploy a good antivirus with heuristics for detecting and removing threats. The independent antivirus testing website evaluates and ranks business protection software in areas of protection, performance and usability. www.av-test.org/en/antivirus/business-windows-client/windows-10/ A good antivirus helps catch any malware that's hitched a ride on a USB flash drive or CD/DVD and stops malware from executing if it makes it through the internet and email filters you may have in place. If you're relying on Microsoft's built in anti-threat engine, Windows Defender, you'd be providing yourself with a false sense of security (see www.itnews.com.au).

2) Access levels, permissions and passwords are your weakest link. Ensure that all user accounts have the lowest permissions possible, allowing just enough access to complete tasks. Most threats run under the infected user’s credentials, so the less permissions a user has, the less damage done. Passwords should be changed frequently, be complex and long. User accounts should have an automatic lockout after five incorrect attempts at logging in. Use at least two words sprinkled with numbers and symbols to ensure it can't be too easily guessed. 

3) Install a UTM device https://en.wikipedia.org/wiki/Unified_threat_management to filter your Internet connection and incoming emails. This will weed out most of the attempts to insert malware when browsing websites and eliminate malicious attachments in emails. 

4) Educate staff on how to create easy to remember complex passwords, ensure they vet contractors wanting physical access to systems and cross-check phone/electronic requests for sensitive business information. Show them how to verify authenticity of emails and to always ask if in doubt. 

5) Ensure all systems are patched and updated. If you're running software that the vendor no longer supports, upgrade or replace immediately. Microsoft release updates for all of their supported software, not just Windows, at least once a month. Ensure that you also update other software like Adobe Acrobat Reader regularly, not just Windows alone. https://its.ny.gov/security-advisory/multiple-vulnerabilities-adobe-acrobat-and-adobe-reader-could-allow-code-execution

This also includes ensuring that firmware in devices like Internet modems and printers are patched and updated. http://www.zdnet.com/article/flaws-in-popular-printers-can-let-hackers-easily-steal-printed-documents/

By Jerome Chiew

ED: This e-mail address is being protected from spambots. You need JavaScript enabled to view it