As we all know, a massive cyber-attack has disrupted services across the world.
Over 72 hours since the first attack became public, we should have all been taking the following procedures to ensure our immediate protection:
Check servers and workstations are fully patched and in particular make sure the correct patch for MS17-010 has been deployed.
- Make sure anti-virus software/patterns are up to date
- Make sure users do not login to the network using Administrator credentials.
- Check all remote storage media on a ‘stand-alone’ device before introducing the data to the network
- Make sure email is scanned for virus/malware before being opened. Subscribing to a third party service is very useful.
However, addressing the immediate threat is one thing. Now is the time to ensure that going forward you aren’t vulnerable and that your business continuity processes are robust and in place.
We’ve worked with many schools’ ICT teams to help them secure and protect their networks. Our advice at the moment is to undertake an ICT Security Audit, which will provide you with a strategic review of your security.
Areas you need to cover are:
- Do you have proper processes in place for deploying software patches and updating anti-virus patterns?
- How is remote access granted and what protocols for remote access are you using?
- How is data stored and transferred around your network?
- Checking user access controls, password management, backups and restore processes.
Once you have identified vulnerabilities, you can then implement best-practice to ensure that your school is fully protected.
If you wish to discuss any of the issues raised in this email or you are concerned about your organisation’s vulnerability, do get in touch.