If your turnover is more than 3 million, your business is subject to the Information Privacy Act and the OAIC guidelines. The guidelines say you need to take “reasonable steps” and “active measures” to ensure the security of personal information.
For your business to be secure today you must have addressed four recent problems security researchers found.
1. Problem if you have SMBv1 enabled
You’ve recently heard the media talk about the WannaCry Virus. What they missed is an update to stop the virus was released in March, months before the virus arrived. This virus is not an issue for our customers, they have all been updated.
MANAGEMENT SHOULD: Ask for a report listing the last time every PC and server was updated. Fix any missing the updates released in May.
Bonus points: As an extra precaution, you can ask your IT team to also disable SMBv1 on all computers & servers. It was replaced by SMBv2 and SMBv3 many years ago anyway 🙂
2. Problem with Windows default Antivirus
Windows Defender creates a problem with all versions of windows able to be automatically infected with a virus using a bug. Any computer using Microsoft’s antivirus without a recent update is vulnerable.
MANAGEMENT SHOULD: Ask for a report listing the computer antivirus engine and the date it last updated. Fix any that last updated more than two days ago.
3. Problem with HP laptops
HP also made headlines for including a keylogger on some laptops. It’s easy to make affected machines log every key you press into a file.
MANAGEMENT SHOULD: Ask if any purchased assets are in the list of affected models. Apply updates to any affected assets.
4. Problem with Intel Software on many computers
Intel also has a major software vulnerability. This is a problem to watch as it affects 137 of our customer’s computers and there is no update available yet. There are short term workarounds until there is an update to fix this problem.
MANAGEMENT SHOULD: Ask for a report of affected machines and implement short term workarounds (available at the link above) until updates are available.
The above are all major issues and the media is only talking about one of them. We gave the reports above to our managed customers to help avoid any worry they might have after listening to the news.
