Security in an office network has always been incredibly important, but now it seems more important than ever. Ransomware is becoming increasingly more threatening as it affects larger and larger targets at an increasing rate. As such, most IT service providers and MSPs (managed service providers) have been focusing harder on making sure that the state of their client’s network security is top notch. However, there are a few issues that keep their efforts from being completely successful.
The first and most impactful issue is put very well by Derrick Wlodarz in their article “The War Against Ransomware: 4 Lessons Learned From the Trenches” in that “MSPs need to ditch the idea that they will be able to prevent 100% of malware. Having a disaster recovery strategy that employs proper planning and IT solutions is the new reality we all need to recognize.”
Disaster recovery is vital to ensuring that when (not if) something happens to shut down services within an office, the down time is reduced to a manageable minimum. With devices like those offered by Datto, even ransomware can be recovered from in a matter of a couple of hours and potentially even detected before it infects more than the source computer on the network.
Wlodarz also mentions is that “Another avenue most major ransomware incidents tend to take advantage of is unpatched software and hardware.” Typically this means that software updates are performed and networking hardware firmware updates are applied regularly. However a much more basic and larger concern is the use of software or hardware that is no longer updated by the company that provided it in the past. With the end of support for Windows 7 fast approaching, any and all machines using Windows 7 will quickly become a serious security risk.
That being said, Windows 7 is not the only thing to be worried about. Even Windows 10 will become risky to continue using if the most recent updates have not been applied for long enough. Performing updates never has to be something that interrupts work. If the schedule for updates is properly devised, the updates can be performed during off hours that also takes into consideration complications with the updates that might take time to resolve.