Winter Housekeeping Tips for IT Teams
NETWORK OPERATIONS CENTRE MANAGER
Organisations all over the world were left reeling when the WannaCry ransomware struck earlier this year. In Britain, the NHS was hit hard, with hospitals and doctors’ surgeries in some areas forced to turn patients away.
If that wasn’t bad enough, it soon emerged that NHS Digital had issued trusts with a patch that could have hindered the attack. Trusts that hadn’t installed the patch were slammed in the media for failing to follow basic IT security measures.
I’m sure that IT managers all over the country felt their blood run cold.
Patching is one of those low-key, arduous jobs that can easily slip to the bottom of the to-do list. The same can be said of disaster recovery testing. But as the ransomware threat evolves, both tasks need to move up the agenda. This year’s high-profile attacks underline what cybersecurity specialists have been saying for years:
Cybercrime is a universal threat. It’s not only large organisations in the firing line; small and mid-size firms are equally at risk.
In fact, I’d take that one step further. Smaller organisations face greater risk, as they have lower resilience to withstand the business impact of an attack. The disruption and reputational damage following an incident can be immense. Even more so if disaster recovery protocols are out of date.
With Christmas downtime coming up, IT teams have an opportunity to get their house in order. A top priority should be patching and disaster recovery testing.
While businesses generally keep their antivirus up to date, regular patching of Windows Servers is often overlooked. However, patching with the latest versions is an effective way to mitigate the ransomware risk. If you're still running patches from three years ago, it only diverts the focus of a ransomware attack.
It’s recommended that Windows Servers are patched at least every three months. This minimises the risk of being infected by a virus or malware, and ensures that servers perform at their optimum level. Microsoft strongly recommends this approach in its best practice guide.
DR testing best practice
When was the last time you checked you could restore from backup? This is a common question that we ask our clients. Yes, you may receive an automated email that shows backups have been successful. But are you truly confident that you could restore one or more of your servers from backup in an emergency?
Regular validity testing of backups is recommended so you can be confident about restoring from them should the need arise. This process should enable you to roughly calculate the RPO (Recovery Point Objective) and RTO (Recovery Time Objective) for your network. And it’s a good idea to document the process for restoring both files and servers from backups.
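A restore drill of the kind described above can be scripted. The following is an added example, not part of the original article: it restores a backup archive to scratch space, checks every file against SHA-256 hashes recorded at backup time, and reports an observed RPO and RTO. The function names, the zip format, the manifest layout and the sample data are all assumptions made for illustration.

```python
import hashlib, tempfile, time, zipfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def restore_drill(archive, manifest, backup_time, drill_time):
    """Restore to scratch space, verify each manifest entry, time the run."""
    start = time.monotonic()
    failed = []
    with tempfile.TemporaryDirectory() as scratch:
        with zipfile.ZipFile(archive) as zf:
            zf.extractall(scratch)
        for name, expected in manifest.items():
            restored = Path(scratch) / name
            if not restored.is_file() or sha256_file(restored) != expected:
                failed.append(name)
    return {
        "restorable": not failed,
        "failed": failed,
        # Restore + verify time only: a lower bound on the real RTO.
        "observed_rto_s": time.monotonic() - start,
        # Age of the backup at drill time: the data window you would lose.
        "observed_rpo_s": (drill_time - backup_time).total_seconds(),
    }

def build_sample_backup(workdir, corrupt=False):
    """Constructed sample: two small files plus hashes taken at backup time."""
    files = {"db/orders.csv": b"id,total\n1,9.99\n", "etc/app.conf": b"mode=prod\n"}
    manifest = {n: hashlib.sha256(d).hexdigest() for n, d in files.items()}
    if corrupt:  # simulate silent corruption behind a "backup succeeded" email
        files["db/orders.csv"] = b"id,total\n"
    archive = Path(workdir) / "backup.zip"
    with zipfile.ZipFile(archive, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return archive, manifest

if __name__ == "__main__":
    taken = datetime(2017, 12, 18, 1, 0, tzinfo=timezone.utc)   # constructed
    drill = datetime(2017, 12, 18, 13, 0, tzinfo=timezone.utc)  # constructed
    with tempfile.TemporaryDirectory() as wd:
        for corrupt in (False, True):
            archive, manifest = build_sample_backup(wd, corrupt)
            print(restore_drill(archive, manifest, taken, drill))
```

The second run shows the case a success email cannot: the archive opens and extracts, yet one file no longer matches what was backed up, so the drill reports it as not restorable.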
Reviewing the current backup solution is also important, to ensure it’s still the best solution for the business. If your business has grown since it was installed, it may not be fit for purpose. Look at options involving onsite/offsite/cloud backup, which may be a better fit.
Peace of mind
Patching your IT infrastructure is like locking the door when you leave the house. It’s not as exciting or visible as a refurb or a major installation. But failing to do it puts you at risk of criminal activity.
And when it comes to disaster recovery plans, the big question is not ‘do you have one?’ but ‘have you tested it lately?’. Sooner or later, an incident will arise, and your plan will need to be put into practice.
Give yourself some peace of mind for 2018. Schedule some patching and disaster recovery testing today.