So on Friday there was a massive cyber attack. The conspiracy theorists are jumping up and down with some plausible ideas about Microsoft being behind the ransomware and other major cyber traders.
In 1991 the local authority employed a few of the staff to come up with a strategy as part of the business continuity plan for cyber security and data protection.
Now we looked at the issues and realised that the most vulnerable part of the system had to face the public and the threat primarily came from inappropriate use of software.
So our proposal to the elected members included the phrase "cyber responsibility": where information and machines touch external environments, we are responsible for the security of the data and information we protect.
Today every device is a gateway, and therein lies the risk, because in the interest of speed and efficiency we sacrifice security, or employees can compromise that security.
So who is to blame?
Truth – We all are! Microsoft knew that old technology would protect networks and machines. Software upgrades and patches rely on the skill or understanding of the few. Too few people understand how operating systems work and why this is the vulnerable element of the PC network.
We accept that the MS operating systems are the most cost-effective, but in truth they are the easiest and most vulnerable. There are many reasons why, but the primary one is that a one-size-fits-all approach limits the security levels you can enable.
Two key principles:
If your OS is compromised, ensure that you can switch to access data using an alternate OS.
Ensure that the OS and program files exist in a distinctly separate area of your network.
The network system I was responsible for was attacked a few years ago by ransomware – I had reverted to an old PC with an old OS for temporary staff. This provided the gateway to the network, so we were all locked out. Over 30 desktops, a number of laptops and mobile devices. Small numbers.
However, within an hour everyone was back online and no data was compromised. No ransom paid. Total work lost: 40 minutes, and zero data corrupted.
Have a contingency in place and deploy it immediately – do not try to fix the problem.
Remember, we are the custodians or gatekeepers of information, and learning how to create secure data separation will reduce downtime and data loss.
The next big threat will be when 'the cloud begins to rain'. The remote storage of data comes with real risks; therefore the public cloud is not a safe place to store company data and personal information.
One of my colleagues asked if he could sue the hosting service for this type of event, or at least pass on liability. He didn't like the answer, so use this weekend as a moment to review your practices and update your cyber security.