Cyber criminals often exploit known or not-yet-known vulnerabilities in the operating system and/or other critical systems, such as a web server or a database, in order to penetrate your network and systems. In the recent WannaCry attack, hackers exploited the Microsoft Windows Server Message Block (SMB) protocol and encrypted data, demanding a ransom. Microsoft had provided a patch, but thousands of systems around the world had not yet installed the security update.
In honor of October being Cyber-Security Awareness Month, AAFCPAs would like to take this moment to remind our clients again of the critical importance of taking measures to protect against malicious cyber-attacks.
What can you do to minimize your vulnerabilities?
- Set desktops/workstations to auto-download and auto-install mode so the latest patches are automatically installed on the system.
- Schedule regular maintenance windows to apply patches, combined with “emergency” downtimes when critical patches need to be applied as soon as possible. Additionally, consider investing in a high availability system, i.e. two systems running in parallel, which would allow you to apply patches more easily with minimal downtime.
- Regular maintenance should also include infrastructure systems, including firewalls, routers, switches, printers, etc. These systems need patching as well because they are part of your network and provide opportunities for exploitation.
- Run vulnerability tests regularly, at least annually, to help identify your risks.
- Be aware of the latest vulnerabilities. You may subscribe to information services such as https://www.us-cert.gov/, an official website of the Department of Homeland Security managed by the US Computer Emergency Readiness Team.
AAFCPAs advises clients to take a disciplined approach to cyber-security in order to better guard against attacks and minimize your organization’s risk of becoming a victim. Patching is one tool that makes it harder for hackers to penetrate your environment and steal your data.
To schedule a cyber-security assessment, or for specific advice on how to best protect your organization against cyber-attacks, please contact James Jumes at 774.512.4062, firstname.lastname@example.org, Vassilis Kontoglis at 774.512.4069, email@example.com or your AAFCPAs partner.