You’d be hard pressed to turn on the evening news or pick up a newspaper the last few days and not hear about the cyberattack currently sweeping the globe. As an IT company, we get lots of questions about it, so we thought we’d answer a few of the most common ones:
The thing we have been asked the most is “Do I have the patch from Microsoft installed on my system?”
Let’s break this down a little first. This cyberattack (also referred to as ransomware, or by its name, “WannaCry”) is often initiated through an email. The email contains an attachment which, when opened, infects the target computer. Once the computer is infected, the program begins to encrypt files on it while simultaneously trying to spread itself to other computers on the network and on the Internet. It is at THIS point that the Microsoft patch becomes relevant. If you open the attached file of a malicious email, you get infected even if you have the Microsoft patch installed.
So let’s start at the beginning. As a first line of defense, let’s continue to try to teach people to recognize and avoid fake emails. Those who know us well know that we put on a monthly security webinar, and we have covered this exact topic in the past. You can find that session on our YouTube channel (look for the one titled “Avoiding Email Scams”).
Next, let’s talk specifically about the patch Microsoft issued back in March which protects you against having the ransomware spread inside your network as well as to/from the Internet. This is referred to as the MS17-010 patch. If you are a customer of ours, this patch has been installed on every system our tools are installed on. If we manage all of your servers and workstations (you’d know because there is a little blue circle with “it” in it down by your clock) then you’re patched. If we only manage your servers and not your workstations or if there are ANY computers on your network without our tools, then we don’t know whether the patch has been installed on any computer we don’t manage.
Now let’s expand our horizons a bit. There is a best practice in the security industry called “defense in depth”. In English, that simply means that we don’t rely on just one tool or technology to protect your network. We have multiple layers of security implemented, EACH ONE of which is capable of stopping this attack at the perimeter of the network. For those customers that are fully aligned with our standards, here are the points where you are protected IN ADDITION to the MS17-010 patch:
1. Any customer with a SonicWall that has an active TotalSecure license (this is the only way we sell SonicWalls) is protected.
2. We have implemented additional security software called Cisco Umbrella in the networks where we manage every device. That tool protects against this ransomware.
3. Any PC that has our tools installed on it has Kaspersky Antivirus installed on it which also protects against this malware.
So bottom line: If we are responsible for managing every PC on your network, and you are fully aligned with our standards, you are protected about 4 times over. If we are only managing part of your network, or if any PCs don’t have our tools installed, we’d recommend you update your Windows patches ASAP and also consider some of the other technologies mentioned above to construct a defense in depth strategy. Finally, train your folks! Our resources are free – the second Thursday of every month at 11:30 am we do a new webinar (sign up here), and past webinars are pushed to our YouTube channel.
We have fortunately not had any customers affected so far. Feels good when customers realize how effective our strategic guidance is!