Last month we posted an article about how patching your computers is difficult and cumbersome, but also extremely important. It didn’t take long for the news to catch up with us. Today’s example of just how quickly things go bad when you aren’t keeping up with security patches comes to us from England, where at least 16 hospitals had to divert emergency patients due to a ransomware problem.
In this case, attackers exploited a Windows vulnerability for which Microsoft had issued a patch…two months ago.
We often talk to customers about these risks, and how “patch Tuesday” release notices are a sort of treasure map. Attackers know that they only need to target new vulnerabilities faster than you can close them. Today’s attack is a chilling reminder of these truths. It has happened to a large institution with a dedicated I.T. team, and very shortly after the vulnerability was disclosed.
Worse yet, for those still using Windows XP and Server 2003, there is no defense against these sorts of attacks. Microsoft has given up on issuing security updates for them long ago. If an attacker can compromise a Windows XP or Server 2003 system, they have a clear path to wreak havoc on every other computer on the network – even the new ones.
The cost in terms of time, money, lost productivity, and things like morale & reputation for dealing with a ransomware or malware outbreak is many times higher than the cost of designing and maintaining I.T. systems to be protected from them. Using a trusted adviser like Nomerel brings those costs down even further. Which raises a question – if you know all this and you still aren’t patching, it’s probably not because you’re rich. It’s probably because you need help making it happen. In which case, we should be talking about how we can help simplify this part of your business life.
A couple of our Office 365 customers are seeing a sudden increase of phishing emails lately. These emails appear to come from Microsoft and look very legitimate, but contain links to malicious websites. The trend began in the past couple of weeks, and has been very persistent. A common theme seems to involve telling a person that their email quota has been filled, and they need to “click here” to upgrade.
We often advise customers to be skeptical of email messages, particularly ones that contain links and are unexpected or seem out of place. In both cases, our customers forwarded the messages to us with the question “should we be concerned about this?” That’s exactly the right thing to do when in doubt, and more often than not, one should probably be in doubt!
We work hard to instill our customers with a sense of calm and stability regarding technology, and we work hard to ensure our customers aren’t required to participate in maintenance activities. It’s because of these reasons that, for our customers, phishing emails like these look so suspicious. A skeptical customer is a happy customer!
We’re seeing more notices from the last of our providers who ‘supported’ Windows XP and Server 2003 that the clock has struck midnight for those aging systems. This is of course not a surprise – we’ve heard and even echoed these warnings for years – but it’s another reminder that XP & 2003 are still problems for SMBs.
What concerns us most is the tremendous risk these systems represent at small & medium businesses – risks that some owners may not be aware of, or know of and want to avoid, but don’t know where to turn or are afraid they cannot afford to deal with them.
An ‘existential threat’ is something that if it occurred, would likely mean the end for your business – a situation so dire, there would be no recovering from it. While we try to avoid hyperbole wherever possible, sometimes we need to use dire terms to adequately convey the sentiment. We refer to the continued use of Windows XP and Windows Server 2003 using that exact phrase. Put simply, every day a company remains on Windows XP or Server 2003 is another day they are at a heightened risk of a failure occurring which could mean the unplanned demise of their business.
Assuming the worst happens and those systems are rendered permanently inoperable, it’s important to know that you’re going to be forced to start over from scratch. You can’t get another computer running an OS that old, so you’re going to be forced into upgrade no matter what. The problem with upgrades is that you may have applications that must be upgraded too, because old versions of applications won’t run on new systems, or vice-versa. Starting to get complicated, isn’t it.
But what about your backups? Sadly, even if you do have good backups, if your hardware has failed, where do you restore them? It can sometimes take weeks for new server hardware to arrive, and if your servers are too old to have a hardware warranty, you really have no other option. If your PCs running Windows XP fail, it’s obviously easier to replace the hardware, but do you know whether there are any files or programs on it that weren’t backed up? When was the last time you tried doing a restore of your backups, anyway?
You may have to spend days, weeks, or even months rebuilding your Windows Server infrastructure, upgrading applications, and doing all of the other time-consuming upgrades you’ve been putting off, just to get your company back up and running. Keep in mind, you’ll be paying premium prices for the equipment and services needed to get you up and running again, because nothing is cheap in an emergency.
At a company with 10 employees, it could cost over $400 per hour while you’re down. That’s $16,000 a week in lost productivity – more than enough to buy new everything today. During that time while your employees are far less productive, will you be able to conduct any business as usual? Will you be able to send out invoices or place orders, even send or receive email? You may very well lose data – is that OK? Is any of it worth the risk?
These concerns extend well beyond technology though. While you’re sorting through what to do next, you still have a business to run and employees to retain. Can you afford to pay them while your technology isn’t working, for days, weeks, or months? If the outage runs longer than a few days and you need to lay them off, what will they do? What will you do? If you can’t retain them, what other new risks or problems will you have to deal with?
As unlikely as it sounds, sometimes a single old server that finally kicks the bucket could well mean the end of your company, if you let it.
If this sounds like it could be a problem for you, don’t fret. It’s solvable, and it can be done with a lot less pain and suffering than you might think. As long as these problems are dealt with before they come to pass, we can fix them in such a way that your business will barely notice a hiccup at all. It’s what we do for customers every day.
Reach out to us today so we can talk about it with you, via sales@nomerel.com or by phone at 918-770-4099.
Adding an attachment to an email in earlier versions of Outlook used to be so terrible, that I would always either open the folder containing the file I want to send and do drag & drop into a new message, or just right-click on the file and choose Send To -> Mail Recipient.
Well, they’ve made a big improvement in Outlook 2016 – if you haven’t upgraded or aren’t on Office 365, you’re missing out!
The “Attach File” button on the menu ribbon now opens up a (long) list of the most recent files you’ve been working on. You can include any of them with just one click each. Of course, if you still need to browse for it, you can do that too.
If you’re like me, you develop muscle memory for doing repetitive tasks like this, kind of like not using your index finger because it has a splinter in it. I was happy that my Outlook splinter was removed, and hope this helps to make life simpler for some of you as well!
Noted security expert Brian Krebs does a good job of keeping people abreast of actionable security issues, such as the release of fixes for vulnerabilities that can be easily exploited with tremendous effect. Today’s post of his is no exception. When Adobe and Microsoft release these patches, it affects virtually everyone who uses a computer.
Unfortunately, for many companies, patching is tough to do well. Sometimes because the toolsets aren’t good, and sometimes because they don’t have the time or expertise to establish good systems for keeping current.
The downside of not staying current with critical security updates, is that attackers have a precise map of exactly how to attack computers – these maps are drawn by software companies who detail exactly which vulnerabilities are being patched next, at which point the arms race begins. If you don’t patch holes before they exploit them, you lose. Cryptolocker, anyone?
Ensuring that our customers’ systems are always protected against these types of attacks, through patching and best-practice setup of their environments – is one of those unappreciated behind-the-scenes jobs we do. It’s just another way we deliver simplicity as a service. If your patching situation leaves something to be desired, we can help!
Recent Comments