Be Prepared!
Phew! Disaster avoided. We removed the computer from the network and eradicated the virus. Fortunately, the ransomware infection was caught before it spread to the network shares and a linked office server through Remote Desktop. While the client’s backups are solid, it would have meant several hours of downtime for the whole office if the server had to be restored. The net impact for this client was 1 workstation offline for about a day.
Another client – located across the street from the first – was not so fortunate. They were also hit with a ransomware virus. Their AV software was out of date and they had only rudimentary backups. The technician – with the help of the client’s specialty software vendor – spent two days trying to recover the workstation and server files, but it’s impossible to create something that is just not there. The tech finally, and fortunately, found an obscure backup file that was used to recover most of the files. Meanwhile, their entire operation was severely hampered until the problem was resolved.
Of course, the lesson is obvious – Be Prepared. One client was, the other was not. Organizations large and small are increasingly spending more of their IT budgets on countermeasures to thwart attacks on their network – really attacks on their business operations. Many senior managers struggle with these investments as they do little to increase productivity; they just seem to add expense. These are the same people who balk at putting snow tires on in the winter – until they get stuck.
An effective countermeasures plan takes money and work. Here are some of the elements:
- Anti-Virus software on every workstation, laptop, tablet and server; the best money can buy. It needs to be web managed with real-time alerts and configured so that users cannot disable it.
- Industrial-strength firewall with cloud-based dynamic filtering. This also needs to block all but essential traffic; no iTunes, YouTube, or Facebook.
- Centrally managed and filtered Email system, including blocking blacklisted and suspicious senders.
- Stable, consistent, tested backups with a Disaster Recovery plan.
- Strict organization-wide policies and procedures, especially concerning Acceptable Use of corporate IT assets.
- Staff awareness training on how to compute safely and what to do if suspicious activity is observed.
I still tie granny knots and get lost in the woods. But protecting your network, well – let’s talk!