With ever-increasing media coverage of cyber-attacks, it is now more imperative than ever to ensure that your IT Systems are current, supported and as secure as possible. And now that Microsoft have terminated support and updates for their popular Windows 7 Operating System, malicious software developers will be looking to target this vulnerability to attack businesses and cause disruption.
It is this Windows 7 end of life status that is causing Mode clients to undertake a review of their IT systems to ensure that they are up to date, are manufacturer supported and have the right level of protection from external attack.
Whilst large corporates will be in control of their update path, many smaller businesses will not be aware of the potential impact and implications of not running the latest releases, instead adopting an “if it ain’t broke, don’t fix it” approach. Unfortunately, it is this mindset that will cause systems to be compromised in the future, as no further maintenance will be performed on them.
The Company’s issues
One of our clients, however, has recently used the cessation of the Windows 7 platform to look at their complete IT infrastructure to ensure that it was as secure and reliable as it could be. The team here at Mode performed an audit of their systems and identified several areas that needed improvement, including:
- Multiple anti-virus products being used throughout the organisation, some machines with more than one product active!
- Different versions of Microsoft Office being utilised, including 2007.
- Desktops running a mix of Windows Operating Systems: 7, 8 and 10.
- Windows Updates not being applied to all machines, with some being over a year out of date.
- Large levels of Spam email being received on a daily basis.
- Many Web Browsers being used on machines.
- Administrative rights being granted to users on their desktops.
- Simple passwords being used and shared amongst all users.
- Remote user laptops only secured by simple passwords.
- All users being provided with remote access to the Server, whether it was actually required by the business or not.
Whilst the above was not causing any problems from an operational perspective, this is clearly not best practice for maintaining IT systems.
Through the introduction of new processes and a small investment in hardware and software products we were able to address each of these concerns within a short space of time with minimal disruption to the userbase:
- Introduction of a modern anti-virus solution with central management, update services and reporting.
- Migration to Office365 to ensure all users were on the same version of the Office product with automatic updating to the latest security and program updates.
- Standardisation to the Windows 10 Operating System across all machines, performing in-place upgrades where possible or machine replacements where hardware was not suited to the new environment.
- Windows 10 configured to perform updates automatically in the background once they are available to ensure that all users are on the latest security release of the environment.
- The migration to Office365 has automatically provided a level of Spam protection, ensuring that only the emails the business requires are allowed through.
- Agreement with the business of just two Web Browsers to use and removal of non-supported products. Automatic updates configured as required to ensure that the latest product versions are always present.
- Administration rights removed from all users to ensure that their desktop environment cannot change and no additional software can be installed.
- Password complexity introduced, with a minimum number of characters and complex strings as a core requirement, as well as password change enforcement every 30 days.
- Enablement of Encryption services on remote Laptops prior to Windows starting so that the data cannot be accessed without an initial key being entered to allow the machine to start. Without this key being entered, the data cannot be viewed.
- Review of all remote user access to ensure it was restricted to only those that need it. In addition, a secure Firewall with VPN Services was installed so that remote users have to authenticate against the Firewall before they are permitted access to the Network. It is planned to introduce a 2nd level of password through a random token on the remote users' mobile phones (2-Factor Authentication) in the near future to improve on the remote security offering.
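A per-machine check for several of the items in the two lists above (Windows version, update age, duplicate anti-virus products, local administrators, pre-boot disk encryption), added here as an example and not Mode's own audit tooling. It assumes BitLocker is the disk-encryption product and uses a 60-day update threshold; neither is stated in the article.

```powershell
# Added example: read-only audit of one Windows 10 desktop or laptop.
# Run from an elevated PowerShell session on the machine being checked.
$MaxPatchAgeDays = 60   # assumed threshold, not a figure from the article

$os = Get-CimInstance -ClassName Win32_OperatingSystem

# Most recently installed update (InstalledOn is empty for some entries).
$lastPatch = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object -Property InstalledOn -Descending | Select-Object -First 1

# Anti-virus products registered with Windows Security Center (client editions).
# The built-in Defender entry is listed even when a third-party product is active,
# so only the other entries are counted when looking for duplicate products.
$av = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct -ErrorAction SilentlyContinue)
$thirdPartyAv = @($av | Where-Object { $_.displayName -notmatch 'Defender' } |
    Select-Object -ExpandProperty displayName -Unique)

# Local Administrators group, looked up by its well-known SID.
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue)

# BitLocker on the system drive (assumption: BitLocker is the encryption product).
# A TPM-only protector unlocks without user input; a PIN, startup key or password
# protector means something must be entered before Windows starts.
$bl = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
$preBoot = @($bl.KeyProtector | Where-Object {
    $_.KeyProtectorType -match '^(TpmPin|TpmStartupKey|TpmPinStartupKey|Password)$' })

[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    OperatingSystem      = "$($os.Caption) ($($os.Version))"
    LastUpdateInstalled  = $lastPatch.InstalledOn
    UpdatesStale         = (-not $lastPatch) -or
                           ($lastPatch.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays))
    AntiVirusRegistered  = ($av.displayName | Sort-Object -Unique) -join '; '
    MultipleThirdPartyAv = $thirdPartyAv.Count -gt 1
    LocalAdministrators  = $admins.Name -join '; '
    SystemDriveEncrypted = ($bl.VolumeStatus -eq 'FullyEncrypted') -and
                           ($bl.ProtectionStatus -eq 'On')
    PreBootSecretNeeded  = $preBoot.Count -gt 0
}
```

The script emits one object per machine, so the results from several machines can be collected with `Export-Csv` and compared side by side.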
The above steps have greatly improved the IT offering to the users at the business and also ensured that they are in a much better position from a security health point of view, with any new users that are brought into the business automatically having these new policies applied to them.
We will continue to review the installation every 6 months to ensure that the levels of protection and policies being utilised remain valid and current for the threat levels that are being seen in the wild at the time of review.