As you will doubtless have seen over the last few months there has been a major worldwide increase in malware attacks in schools, Whilst currently the victims of the attacks are not within educational establishments (although there has been in the past) there remains a risk that this or other future efforts may well target the education sector. Microsoft have launched a number of patches over the weekend in relation to this attack and we are currently working on getting them pushed out to all our IT Support Customer. Please be aware that we will be looking to deploy these patches asap and will contact you about rebooting devices to complete the process.
Whether the current ongoing attack is being propagated via ‘brute force’ attack or by the softer routes of someone opening an email attachment is not yet clear. However regardless of the nature of this latest issue there remain a number of simple steps that all organisations should ensure are taken to minimise the likelihood of falling victim to such attacks.
THESE INCLUDE -
• Ensure passwords have strong complexity on any services that can be accessed remotely from outside the school network. In fact, despite the inconvenience, you should ensure a strong password policy for all users.
• Ensure all relevant devices and servers are running up to date anti-virus software.
• Don’t give remote access to users with domain administrator privileges unless absolutely essential.
• Ensure staff do not upload anything to the school network from outside the network – including the use of USB drives to transfer data from home to school or visaversa
• Take extra caution when opening email attachments, even if they appear to be from a trusted source.
IT MAY BE WORTH ALSO BEARING IN MIND THE FOLLOWING -
• Are you still using devices running old vulnerable operating systems?
• Is your server/s coming to end of life? If so it may be running older more exposed operating systems that ideally need to be updated.
• Would your backup provision work in a situation where the whole system has to be rebuilt/restored? Do you have sufficient backups that would allow you to reinstate your system in the event that you do fall victim to such a circumstance?
The vulnerabilities this attack utilised were in older operating systems which, for the most part, if this is not relevant to your networks please still take heed of the above precautions as solid, sensible measures that can only help protect you moving forward.