On Friday 12th May 2017, Microsoft windows computers around the world were under attack.
The ransomware, called WannaCry, a type of virus or malware, was used by hackers to lock users out of their files and request the administrator to pay to access them.
WannaCry exploits weaknesses in a version of Windows that Microsoft previously released a security patch for last March.
Over 200,000 computers infected were affected including the UK’s healthcare system, NHS. The hackers have yet to be identified.
With this in mind, we want to highlight some best practices to protect your software against this type of attack.
Azpiral’s security practices
At Azpiral, we practice our 4 top tips as outlined below as well extra in-house measures to ensure our software is protected from viruses or hacking.
Our data is stored on secure servers in Rackspace, this is a separate network and none of our client’s email addresses are stored on these servers.
All servers are running the latest Sophos endpoint security software this software automatically updates every 8 hours.
All our development, QA servers and all our machines are set to automatically download and install the latest security updates on a weekly basis.
All PC’s and laptops also have Malwarebytes anti-malware installed. These security updates are critical in defending against the likes of the WannaCry attack.
All our machines physical and virtual have anti-virus software installed and our client devices have Malwarebytes or windows defender.
We are not running any windows XP machines. As no security patch has been released for XP.
Azpiral’s anti-virus software is controlled centrally by our I.T department.
Azpiral’s 4 top tips
1. Beware of dodgy emails
The most frequent way for malware and viruses to spread is through email. Emails from unknown sources must be treated with care.
If these emails have an attachment it is better not to open the attachment and deleted the email.
2. Install anti-virus software
Each PC and server in any organisation should have anti-virus software installed. Configure all anti-virus to update automatically on a daily basis.
Microsoft releases updates once a month. It is important that all PC’s and servers should be updated as soon as they are released
3. Don’t forget to back-up
Back-ups are essential and should be a common practice in organisations. Applications like Microsoft can be easily re-installed.
However, user-generated data, unless backed-up, could be difficult to recover.
4. If infection is identified
Firstly, if an infection is discovered on any machine immediately remove it from the network or the wireless connection.