By Susan Bloom
It was the new "shot heard 'round the world" – the so-called 'WannaCry' cyber attack, a ransomware virus that hacked into victims' computer systems and demanded a ransom payment in order to restore access. Since it hit a week ago, the attack has reportedly affected over 200,000 computers in 150 countries, impacting operations at everything from renowned corporations like FedEx to German banks, Russian railways, and numerous hospitals in the U.K., where computerized patient appointment systems were impaired.
Considered the largest and most widespread ransomware cyber attack to date, WannaCry allegedly took advantage of a vulnerability in Microsoft Windows for which Microsoft had released a patch this March, but which many companies hadn't applied because they hadn't yet updated their systems. Microsoft itself referred to the situation as "a wake-up call," a description that IT Best Practices & Cyber Security Specialist Michael Foster wholeheartedly agrees with. Foster is the CEO of The Foster Institute (www.fosterinstitute.com) in Napa, California and author of "The Secure CEO: How To Protect Your Computer Systems, Your Company, and Your Job."
"Global cyber attacks are happening with both greater frequency and severity and no business is exempt," Foster said. "If systems go down and electrical distributors are unable to fulfill orders, for example, it can be a very expensive and unpleasant proposition. The one positive part of these dangerous cyber attacks," he conceded, "is that they're bringing to light the importance of protecting your system."
Below, Foster shares some key tips and best practices to help businesses beef up their IT network security, reduce threats from 'hackers and slackers,' and protect their organization from future attacks:
- Pursue Patches – "Most organizations are missing critical security patches and there's a very strong likelihood that yours is too," said Foster, who noted that in today's digital age, many organizations are hiring dedicated IT professionals whose sole responsibility is to manage patches. He recommends "providing your team with extra time and perhaps additional personnel to test and then deploy patches ASAP. If the patch fails testing, time must be invested to resolve the issue or implement compensating controls." In particular, Foster suggests prioritizing critical security patches for the operating system, all browsers, and Flash, Java, PDF readers, and Microsoft Office, "because they're usually the easiest to attack and form your first line of defense," he said.
- Mitigate Risk – Foster acknowledges that many IT teams are reluctant to apply patches for fear of 'breaking' systems that are already running, but recommends that company executives reassure IT employees that the company will take responsibility if the patch causes a problem while encouraging them to take measures that mitigate risks. Such measures include testing patches in a sample environment that uses the same applications as the rest of your network; this could be a single computer in a small company or a specially-created testing environment that's isolated from the production environment in larger companies. Foster also recommends having a pre-tested rollback plan so that, in the event that the patch does cause a problem, the IT team will already know what to do to roll it back and return to the testing phase.
- Use Disciplined Deployment – "Deploy patches in stages rather than patching all machines simultaneously so that if the patch causes a problem, not all of your machines will be affected," Foster said. He also suggests empowering your IT team with a patch management tool such as Ninite, LANGuard, Shavlik, or others and asking the IT department to provide a list of missing patches on a weekly or at least monthly basis.
- Upgrade Regularly – "You must upgrade from older operating systems, particularly any of the ones that Microsoft no longer supports," Foster advised. "If some machines can't be upgraded, they must be isolated or some other compensating control must be put into place." For smaller organizations that either don't have an IT team or rely on an outsourced IT company to manage patches, "be sure that the option that provides automatic updates to Microsoft is enabled" or else simply Google instructions for this action based on your firm's operating system, whether it be Microsoft, Apple, etc. Additionally, he said, "manually check for updates in Microsoft Office to be sure that they're applied and also ensure that automatic updates are enabled in your browsers."
- Restrict Access – Foster suggests that companies consider reducing the privileges of their computer users to only those which are necessary to get their jobs done. "If a user has elevated permission, the attacker does as well," he explained. "By reducing employees' access, it limits an attacker's ability to penetrate an IT system to the level of the employees' restricted access."
- Embrace a New Normal – With cyber attacks unfortunately becoming more regular occurrences, Foster encourages electrical distribution firms to take the threat seriously. "Overall," he said, "it's important for all businesses to stop relying solely on measures like anti-virus software, firewalls, and passwords and to pay attention to security patches and better control the applications that are allowed to run."
Bloom is a 25-year veteran of the lighting and electrical products industry. Reach her at firstname.lastname@example.org.