Finally, winter is over and spring is here, the fruit trees in the garden are now showing signs of life; and hopefully signs of some bounty to enjoy later in the year.
The past month has been spent looking at a couple of security issues for some clients and trying to decipher some rather poorly written code, in order to quote for further development. I’ll talk about the poor code in another blog post as it poses several interesting issues. The security issues fit rather nicely into the theme of spring, especially the idea of spring cleaning.
Over the past 3 months 5 of my clients have been hit with some form of security attack, including 1 ransomware incident. This is a significant increase in malware and security attacks. It always amazes me how so many companies don’t apply some data security practices. Almost every time I review security at a client I find users have turned off the windows firewall. Normally to resolve a problem, but instead of creating a rule to resolve the issue once the firewall has been identified and then turn the firewall back on, they just leave it turned off. Anti-malware applications are great; however, the definitions need to be updated. As does all of the applications on the computer, patches more often than not contain security fixes. The number of clients who complain about patches being deployed, and even turn these off so it does not affect their daily work.
I have an automated patch management tool which automatically approves and deploys all patches to my PCs, because this is a little and often approach, I hardly notice the deployment. My computer only needs to be rebooted occasionally for the patches. Now I am using the latest operating system (Windows 10), with the latest version of the Office suite (Office 2016) alongside the latest tools by other vendors. This does help reduce the impact of some patches, Windows 7 for example with Office 2013 can require multiple reboots following patch Tuesday (the second Tuesday in the month) when Microsoft release the majority of their patches.
Can I plead with all companies out there to refresh their security policies, ensure patches and updates are applied in a timely fashion, and clean up their user permissions? This will not only help protect your company, but help stop the spread of malware. thereby helping every other company out there.