The past few weeks I’ve been talking about cybersecurity preparedness in 2019. I can’t emphasize enough how important planning and proactive preparation are to making sure your organization doesn’t fall for ransomware attacks or succumb to data breaches.
It pains me every time my phone rings and a CEO is on the other line frantically trying to figure how to deal with a breach or network-wide infection. Their files are all locked down and workers are at a standstill—accountants can’t get billing or payroll out and operations and sales teams cannot efficiently move through their task lists because everything is tied up and locked down on their network.
The hardest part to wrap your head around is that pretty much 10 times out of 10, that phone call (that cyberattack) could have been completely avoidable. And nearly 80% of the time, those avoidable circumstances come from IT teams not keeping to very basic security processes.
Microsoft and other big tech companies’ big security teams test and release patches and updates to software—with the single intention to protect users, businesses and organizations like yours. Nearly every network my team evaluates has problems with missing patches and outdated security.
Today I want to revisit a topic that comes up nearly every month. This topic should be on your IT guy’s list.
Every single month—and usually more frequent than that—big software companies like Microsoft release updates and fixes to their platform. Their teams test and retest their software looking for any sort of vulnerability a hacker or criminal could use to penetrate and take possession of your computer network.
This January is no different. In fact, Microsoft alone released 49 security vulnerability updates this month so far. Think of that for a minute. We’re just halfway through the month and already there are 49 new risks that, if not addressed, could open the door to your organization’s files being locked down. 49!
Can you afford 49 new ways for a criminal to take over your network?
Every single one of those 49 vulnerabilities is at least considered severe towards your network security, 7 of which cybersecurity experts have deemed critical.
And already, one of these vulnerabilities has been publicly known—which means that criminals could be actively working on finding ways to use that known exploit to hack into systems. This specific vulnerability allows for an opened malicious file to be able to execute code without you knowing or needing to approve it.
For a minute, think about all of those phishing attacks that you’ve been seeing in the last year (criminals have found phishing emails to be one of the most successful and easiest ways to get on your network). What if one user clicks on that file attachment in an email?
It just takes one… If that hacker is exploiting this Windows 10 vulnerability and you don’t have it patched on your network, you’re probably looking at a big problem—that could have been resolved with a few mouse clicks!
Some more scary highlights?
ALL 7 critical
vulnerabilities can allow remote code execution—what this means is that someone
from Russia, China, or even at the closest Starbucks near your office would be
able to inject code in your Windows 10 operating system (various versions of
Windows 10, including servers!).
Another vulnerability actually discloses information that is being stored in memory on your machine. That means that if you’re an accountant, HR professional, or any other person within your organization that frequently accesses sensitive information like bank account numbers or Social Security numbers, that data may be easily accessed and you’d not be the wiser if it was.
Say you had an Excel
file or Word document open with important donor information or employee data. A
hacker could successfully exploit this specific vulnerability to obtain that
information from the office memory.
While Microsoft has been celebrating the very
talented folks that discover these vulnerabilities—in fact they frequently
applaud their team and other external teams for helping to keep Microsoft
Windows safe—what’s scary to me is that you might not have anyone actually
keeping your network updated and
secure.
What’s your remedy?
I hate to bring up bad news, but cyberattacks are NOT going away. Criminals are reading these Microsoft reports—which detail the technical components of each vulnerability.
These same criminals are motivated to find ways to make these exploits work for them—ways to penetrate your offices and either steal data to further exploit your network (stealing credentials to them hack and shut down your systems) or to directly ransom your office, ruin your reputation and cripple any prospect of continuing your growth.
What we recommend: check your patches. If you’re not up-to-date on your Windows Security (there are a LOT more software systems than Microsoft’s to worry about, but just for a second focus on these 49 vulnerabilities).
Then, patch and test your systems. Each workstation and every server. Most IT guys say that they’re patching your machines—and many have very good intentions of doing just that, but it all boils down to not having enough time in the day.
If they don’t prioritize
your network’s security and simply run around fighting user fires and problems,
when will they have time to keep your security top of mind?
Cybersecurity experts encourage organizations to double check the simple stuff just to make sure every ‘i’ is dotted because it’s far easier checking than recovering after the fact.