I don’t wanna be Cyber Attacked – what can I do?

A question I often get asked is should I accept all these annoying updates from Microsoft.

YES! Is the short answer, and really the only answer, but many don’t or won’t?

OK, so there are caveats. If you only connect to your own network at home, never use the World Wide Web, never do anything that requires passwords and do not use internet banking, then no, you do not need to update. If you do, however, you really should!

In a recent whitepaper, DUO* suggested that over 65% of devices running Microsoft Windows are running the outdated Windows 7 released back in 2009. The operating system was withdrawn from support in January 2015 as it was too vulnerable to attack, although, Microsoft will still release minor security fixes until 2020. That, removal of support, was over two years ago, so if you are still running Windows 7 and accessing the World Wide Web, you are extremely vulnerable to attack! Microsoft even offered a free upgrade to the more robust Windows 10 for free, yet people still did not switch. I appreciate that people still like Windows XP and Windows 7, but they are just no longer safe or relevant in today’s online world. The software is changed and updated for a reason, it is not just to make money – after all, they gave it away for free – it is to plug the data holes and keep you safe online. This is not just a problem with out of date Windows devices, it is also the same for Android and iOS on Macs. Yes, the Mac is just as vulnerable to attacks**, it is just with about 7% of the P.C. market, you tend to hear less about it***.

  • If you continue to use Windows XP now that support has ended, your computer will still work but it might become more vulnerable to security risks and viruses. Internet Explorer 8 is also no longer supported, so if your Windows XP PC is connected to the Internet and you use Internet Explorer 8 to surf the web, you might be exposing your PC to additional threats. Also, as more software and hardware manufacturers continue to optimize for more recent versions of Windows, you can expect to encounter more apps and devices that do not work with Windows XP. —Microsoft

Now, if you take your “old” device into work to connect to their network, you are now making your entire company vulnerable to attack! Once you open a port from your device to the work intranet or Wi-Fi, you are giving attackers – via your outdated software – instant access to the network. Not only that, you are allowing a would-be attacker easy access to an otherwise secure business network. At the very least, everything you can access an attacker can also access. If they are sophisticated, they can potentially gain access to all the network. All this, just because you really like older versions of Windows! At my former place of work (a secondary school) a teacher brought in their old XP laptop and opened an email, they received from a person they did not know. Unwittingly, by opening that email on the school network, they introduced ransomware onto the network. This encrypted the entire school network and all drives. For nearly a week, the school network was unusable while the technicians worked to restore previous network backups. When the system was eventually restored, all the recent files people had been working on since the backup were lost. Obviously, the school did not pay any ransom, but only because they back up the system files twice a week; had they not have done – there would have been no way to restore the files without paying the ransom and getting the unlock code.

In the light of recent cyber attacks, in May 2017 –  Microsoft has come out and said this is a “wake-up call” and reiterates the need to install their security patches as, and when, they are released.

  • Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware, encrypt certain file types on infected systems and forces users to pay the ransom through certain online payment methods to get a decrypt key.https://www.trendmicro.co.uk/vinfo/uk/security/definition/ransomware

I am certainly not trying to imply that, had the user been using an updated version of Windows 10 that that would never have happened. Instead, I am trying to add to the discussion that the often overlooked threat to network security is internal human errors****. However, “User Behavioural Analytics” are beyond the scope of this discussion.

Summary

Keeping your system up to date with the latest security patches and software add-ons remains a highly important step in combating hackers.

In short —

INSTALL and UPDATE

  • Your Operating System
  • Your browser
  • Your browser add-ons
  • Anti-Virus software
  • Anti-Malware software
  • Anti-Spyware software
  • Firewall

·        Do NOT open unknown emails and attachments EVER!

Some people tend to think that if your device is set to download and install updates alongside a disk defragmentation automatically at the default time of 03:00AM, then that is enough to keep them safe if they turn their machine off before bed. Well,…are you saying you expect the device to wake up at 03:00 and turn itself on, connect – by itself – to the internet, download and install updates/patches/drivers/code then check your hard drive for errors – before turning itself off again and going back to sleep? I’m sorry but it doesn’t!


 

I hope this article has gone some way in helping you understand the importance of UPDATES. If it has…please LIKESHARE or FEEDBACK the post. Thank you.

About the Author, – Dr Richard Haddlesey is the founder and Webmaster of English Medieval Architecture in which he gained a Ph.D. in 2010 and holds Qualified Teacher Status relating to I.C.T. and Computer Science. Richard is a professional Web Developer and Digital Archaeologist and holds several degrees relating to this. He is passionate about the dissemination of research and advancement of digital education and Continued Professional Development #CPD. Driven by a desire to better prepare students for industry, Richard left mainstream teaching to focus on a career in tutoring I.T. professionals with real skills that matter.

#ttrIT #ttrcareerinIT #ttrLearnToCode

Visit his Blog and Website

Read more about Dr Richard Haddlesey BSc MSc PGCE PhD

Bibliography

*https://duo.com/resources/ebooks/the-2016-duo-trusted-access-report-microsoft-edition

**https://nakedsecurity.sophos.com/2016/09/02/patch-now-recent-ios-vulnerability-affects-macs-too/

***http://www.macworld.co.uk/how-to/mac-software/do-macs-get-viruses-do-macs-need-antivirus-software-3454926/

**** The Essential Guide to Behavior Analytics – www.balabit.com

Please follow and like us: