The recent unprecedented global viral ransomware attacks have highlighted how negligence in system administration, such as maintenance and preventive measures, can have far-reaching and devastating impacts.
Akin to ship captains, companies and firms have, for the longest time, been focused on bringing on new technology to make their ships sail faster and further while neglecting to keep up maintenance on the actual infrastructure of their ships.
As the saying goes, if the ship is not sinking, don’t rock the boat. Unfortunately, this is no longer relevant in today’s environment. The changing currents of today means that companies can no longer assume that advanced technology alone will be able to keep their ship afloat.
If anything, the ransomware attacks last week have shown just how easy it is for unpatched and unmanaged operating systems to be attacked and exploited. In the race to become faster, better and quicker, companies have overlooked the importance of keeping their IT infrastructure and operating systems secure and up to date.
Many companies are still using operating systems that have ceased and expired, or are still utilising expired custom-made software by external vendors. These software often have missing patches that provide the infrastructural loopholes for hackers to penetrate.
Criminals exploit user workflow behaviours and old operating systems that no longer have security patches. Old operating systems combined with customised software platforms that run only on old operating systems poses the largest cyber security lapse. Furthermore, these risks are transferable from one organisation to another through email communications and connected servers.
While employees should be trained to meticulously identify and avoid suspicious emails, discerning businesses need to actively seek preventive measures or engage pro-active based outsourced IT professionals to mitigate cyber security risk as much as possible with industry best practices.
Julian Ma, Computer Guys CEO explains, “Even though we manage 120 organisations, keeping their environment secure is no mere feat. It takes more than IT standards and persuasion to implement preventive measures and solutions to safeguard against cyber risks. Especially smaller companies when resources are limited. Consolidated knowledge from best practices definitely helps.”
Some solutions businesses can consider include:
(1)Adopting industry best practices to bridge security gaps
(2)Putting a backup or disaster recovery plan in place
(3)Ensuring their IT team is consistently up to date by engaging with continuous learning
(4)Ensuring there is proper hardware maintenance and device turnover cycles
(5)Ensuring software upgrades are actively in place
(6)Making sure there is adequate malware / virus protection with consistent security updates
(6)Avoiding using old operating systems that no longer provide security updates
“In summary don’t just lock the front door. Make sure you have sufficient security on all doors. Do not discount the importance of administering your infrastructure any further”.