Stop Using Old Tech
As a developer, it’s easy for me to stay on the bleeding edge of all things tech. Code libraries, hardware, software, operating systems, etc… It’s all in my job description. It’s also something that I enjoy doing.
Many people and companies aren’t like me. They aren’t paid to know the ins and outs of everything on their machines. Their jobs could be in unrelated fields completely out of touch with tech. They could be entirely uninterested. Or, they could just not know where to look for news/updates. That’s all perfectly fine as long as you have some way of staying up to date.
Automatic updates to currently supported systems like Windows operating systems, Java’s runtime, etc… have made this process very easy for the casual user. It depends on one thing though, the user. As long as the user doesn’t fight the change for too long, their computer will remain secured. Don’t be the one to fight the change.
For large companies it gets a little bit trickier. And frankly, much more expensive.
Not all companies are tech forward.
Take a lumber yard for instance. They have a computer that they depend on daily for all of their operations. Orders, inventory, purchases, job requests, etc… all go through this one system. Now this system has been working for them since 1999. In their eyes, it’s perfect. However, it only runs on Windows 98. That’s a major problem. Windows 98 completely lost support in 2006. That’s a long time for people to tinker around knowing that any vulnerabilities they find won’t be fixed. Hmm…
Now I hate being interrupted while working to update my laptop, but that update serves a purpose. When your OS tells you, “Hey, I have a really important security update for you,” it means it has a really important security update for you. Not allowing your system to update is like a bank finding out that there’s a hole in the wall leading directly to the safe and not fixing it. It’s not an easy thing for non-tech companies to always be up to date on all of their systems, but security isn’t something any company can afford to slip on.
There are a ton of reasons for companies to not completely overhaul their infrastructure every year. The software that an MRI machine runs absolutely cannot break. That could be catastrophic. If you are putting off updates to the computers that interact with them, that’s perfectly understandable. If it ain’t broke, don’t fix it. However, you can section those machines off with a separate firewall and neutralize them as a potential security risk. This costs money, yes. You protect yourself from a ton of security risks though. That’s worth the money. Consider a good system admin team your insurance policy for literally everything that your company has done, is doing, and will do in the future.
I’m no network security expert. I don’t know exactly how WannaCry exploited all of the systems that it did. I wouldn’t have been of much help stopping it. However, according to SecureList, a patch for the vulnerability was released March 14th, 2017. It’s been almost a month. If your system was infected, it’s because you lacked the diligence or expertise in maintaining up-to-date systems. Update your computers.