Installing Patches Immediately Helps Protect Your Organization from Cyber Vulnerabilities

Cyber criminals often exploit known or not yet known vulnerabilities of the Operating System and/or other critical systems, such as a web server or a database, in order to penetrate your network/systems. In the recent WannaCry attack, hackers exploited the Microsoft Windows Server Message Block protocol and encrypted data demanding ransomware. There was a patch that Microsoft had provided but thousands of systems around the world had not yet installed the security update. National Cyber-security awareness month
In honor of October being Cyber-security awareness month, AAFCPAs would like to take this moment to remind our clients again of the critical importance of taking measures to protect against malicious cyber-attacks.

What can you do to minimize your vulnerabilities?

  • Have desktops/workstations on auto download / auto install mode so the latest patches are automatically installed on the system.
  • Schedule regular maintenance windows to apply patches, combined with “emergency” downtimes when critical patches need to be applied as soon as possible. Additionally, consider investing in a high availability system, i.e. two systems running parallel, which would allow you to apply patches easier with minimal down-time.
  • Regular maintenance should also include infrastructure systems, including: firewalls, routers, switches, printers, etc. These systems need patching as well because they are part of your network, and provide opportunities for exploitation.
  • Run regular, annual at a minimum, vulnerability tests which can help identify your risks.
  • Be aware of the latest vulnerabilities. You may subscribe to information services such as https://www.us-cert.gov/, an official website of the Department of Homeland Security, and managed by the US Computer Emergency Readiness Team.

AAFCPAs advises clients to take a disciplined approach to cyber-security in order to better guard against, and minimize your organization’s risk of becoming a victim. Patching is one tool making it harder for hackers to penetrate your environment and steal your data.
To schedule a cyber-security assessment, or for specific advice on how to best protect your organization against cyber-attacks, please contact James Jumes at 774.512.4062, jjumes@nullaafcpa.com, Vassilis Kontoglis at 774.512.4069, vkontoglis@nullaafcpa.com or your AAFCPAs partner.

About the Authors

James Jumes
James joined AAFCPAs in 2013 to lead the Business Consulting Services practice. He has more than 25 years of experience working with information technology systems and diverse business operational processes. James is highly experienced in IT controls and assurance, SOX 404, and Service Organization Control (SOC) reports: SOC 1 (SSAE 18), SOC 2, SOC 2+ and 3 attestation reporting.  James developed a unique methodology to delivering SOC reporting services, and he is an AICPA-approved Peer Review SOC Specialist, assisting peer review teams to review SOC 1, 2, 2+ and 3 engagements. He is a HITRUST Certified Common Security Framework (CSF) Practitioner, providing HITRUST CSF self-assessment consulting, or SOC 2 + HITRUST for assessing against the evolving compliance landscape shaped by HITECH, HIPAA, CMS and various other federal, state and business requirements.
Vassilis is a leader in AAFCPAs’ Business Process & IT Consulting Practice. He has 20+ years’ proven experience providing business intelligence, productivity, information risk management, and cybersecurity solutions. He is a critical resource in keeping clients and the firm on the forefront of transformative technologies while mitigating risks that come along with these advancements. Vassilis leads the delivery of Robotic Process Automation solutions at AAFCPAs. He understands the unique requirements to achieve RPA success, including proper design, planning, implementation, and governance. He works collaboratively with clients and cross-functional teams, and leverages his deep understanding of enterprise information systems, business logic, and structured inputs to automate rote processes and increase operational efficiency. Vassilis is also the leader of AAFCPAs’ automation center of excellence (CoE), an internal team that streamlines automation output, provides structure, and helps scale automation through the firm.