Microsoft has recently discovered a security exploit in their software, which means cybersecurity experts are now on high alert. This cybersecurity blog post is focused on what you should do to handle the recent Microsoft Security Exploit and what not to do. If you don't want your business data compromised, keep reading!
The first thing to do when Microsoft tells us about a security exploit is to see if there are any work arounds to deploy before a patch is release. There is in fact a work around for the specific exploit, but it runs the risk of potentially breaking some 'line of business' apps that rely on Active X (for Example, Quickbooks relies on older IE engines for some of it's application, we are testing to see if this will break or not). The second thing to watch for is the release of a patch to fix the issue, and then look to apply the patch as soon as possible. Many users wait to apply patches, allowing hackers to continue attacking already fixed vulnerabilities. Remember 'WannaCry' that hit Maersk and a huge chuck of the EU? Over 200k computers infected and the patch to prevent it was over 7 months old.
But, this us brings us back to the ever present question of 'how do I protect myself and my business?' For this specific exploit, it's pretty easy - Don't open documents you aren't 100% sure are safe. If I was a hacker I can tell you how I would try to exploit people. I would look for job posting on Indeed and other job posting sites, then send in resumes to the hiring managers attached to my email. Using an infected word document to try to get them to open the file and click the 'allow editing' button so the exploit could run. BAM - I'm in and your system is infected.
We talk about layers of security all the time, and this is an excellent example of why you need them. You may have spam filters, antivirus software, and other basic cybersecurity protection on your computer, but it's only as effective as your employees' training and more complex levels of security like zero trust.
Because the requirement for cybersecurity training is so great, we're organizing an event in November to educate business owners and IT professionals about cybersecurity, zero trust, email security, and how you can help safeguard your company.
Interesting in learning more about our cybersecurity - check out our CyberCare - Cybersecurity page
