When news broke on Friday of a global ransomware attack, local governments and companies scrambled to make sure they wouldn't be affected.
The computers that were spared were mostly the ones where the security update was installed in a process called "patching."
"Patching is a big deal. It can be easy to do but it's one of the things that is most often missed among organizations as a whole," explains Ryan Irving, a cybersecurity manager for the Hillsborough County government.
Irving helps manage the computers for over 30 county departments, which includes doing IT, support and security.
"It's definitely a big network to manage," admits Irving.
But, he says, they keep close tabs on patches, and have other security measures as well.
"We do have perimeter security meaning we have your typical firewalls, your intrusion protection type devices," he says.
Patching, anti-virus software, and good passwords go a long way towards preventing hacks, but it can all be easily undone.
"All those controls are rendered useless if someone clicks on a bad email and allows folks to enter the system with privileged access," says Tony Martinez of Cybersequr, a Tampa-based cybersecurity company that specializes in helping small and medium-sized companies avoid having their information held hostage by hackers.
"It's critical in case of things like Ransomware, really any kind of breach, that you have a backup system and an incident response data recovery plan and system," says Martinez to ABC Action News. "Make sure you keep your operating systems, your browsers up to date. I can't tell you the amount of companies that don't have your computers up to date," laments Martinez.
Martinez says the biggest security problems come from human error, which is why Hillsborough County's government routinely educates its employees about how to avoid putting taxpayer information at risk.
"Security really takes a village to implement and run in bigger organizations," Irving tells ABC Action News. "I could not do this effectively without the support of our system and network administrators, nor without our developers. These teams really do a great job at remediating security findings and reporting potential issues for review."
Irving gave the county's employees a tip list to help keep their systems safe, and shared it with ABC Action News to help anyone interested:
- Keep your computer updated: In addition to desk units, laptops should be connected to networks at least every 30 days to get up-to-date security patches.
- Choose strong passwords: Passwords should not be easy to guess (i.e., your name, dates or dictionary words) and should include numbers and special characters.
- Keep your passwords safe: Passwords should not be shared with anyone.
- Use email safely: Be cautious of attachments, links and forms in e-mails that come from people you don’t know, or which seem “phishy.”
- Control access to your computer: Lock your computer when you leave your desk.
- Use secure connections: Only connect to wireless access points that you trust and when transmitting sensitive information. Look for https:// in the URL.
- Follow clean desk policies: Sensitive data should be locked up when left unattended.