Simple controls your company can implement today to stay protected tomorrow!
Cyber Security and Data Protection can be overwhelming. There is an enormous amount of advice on the Internet, but it is quite difficult to know how to get to started.
At CyberSmart believe that Cyber Security should be accessible and easy for everyone. Therefore we have compiled a series of actionable steps to help you protect your data. Each week we focus on one control, provide some background information and answer common questions.
Part 2: Updates
Patches or updates are fundamental to system integrity and security. In May 2017 the NHS was hit by a ransomware attack, encrypting the files stored on more than 100,000 devices and causing temporary chaos in the health sector. But the attack went even further and disabled devices of major corporations in Germany, USA and China.
Many of us think that an attack of this scale only succeeded because of its high level of sophistication. Contrary to this widespread belief the attack was a nontargeted, relatively simple commodity attack, which used a known weakness in Windows.
Why did it happen?
Because operating systems were not up to date.
Regular updating or patching is crucial because new vulnerabilities and attack vectors are discovered daily. In other words, developers work around the clock to make operating systems and software more secure. That implies that the Windows you have installed today is secured against attacks that are known at that date. However, after a couple of months, new threats and weaknesses are discovered. Through regular updates, security related issues are patched as they arise.
The safest thing to do is to turn on automatic updates which allow the system to receive fixes as soon as they become available and install automatically. Another important thing to do is to disable all unused services and their respective ports, reducing the size of the attack surface.
If you have any questions around Updates or Cyber Security in general or just want to have a chat, drop us a line at firstname.lastname@example.org