So what does vigilance look like? IE security flaw reminds us – vigilance looks boring and it will save you time, money and hassle.

Tuesday, April 29th, 2014 | Managed Services, Technology Management | Scott Randall

I heeded the call, I left Windows XP behind after all those beautiful years together! Now that we find ourselves squarely on the other side of Windows XP “End of Life” Support, a vulnerability is uncovered that reminds us to remain vigilant and stay on top of patching. We preach it, we sell it and we can’t stop repeating it – sometimes, a lot of the time, the simple stuff saves the most time, money and effort.

The news was widely reported on Monday but here is a recap. FireEye Inc., a cyber-security software developer discovered the vulnerability in Internet Explorer (IE) that affects IE6 – IE11. This is a significant threat because according to NetMarket Share this encompasses over 50% of the browsers on the web. While the exposure is going to be the worst for those still on XP (Almost 28% of desktops world-wide) because there will be no patch or support, it also leaves those with Windows 7 & 8 vulnerable. The immediate recommendation is to switch browsers but there is also a fix one can use as a stop-gap measure until patches become available which involves disabling the Adobe Flash plug-in.

So what does vigilance look like? How can we stay on top of these relatively simple network hygiene tasks with limited time, resources, and in this case, zero-day notice?

This is where a solid suite of Managed Services is worth its weight in gold. With constant monitoring of Microsoft security notices as well as a variety of other sources, the patches can be applied to desktops and servers across the network remotely. This is a process that, even in a small firm, can take hours or days when performed manually. In the past IT staff would need to visit each workstation, often after-hours, to maintain and apply patches. Needless to say in many firms this just did not happen in a timely manner – if at all. Thankfully as the complexity of technology has increased, so have the tools used to manage it.

So time is the biggest factor as to why patches and updates are not routinely maintained. While all of this patching eats up IT staff time – nothing compares to the time spent recovering from an attack. Even if it is not the worst-case scenario (no one reached into the client files, firm documents or financial records) you may be battling insidious malware for hours (check out Malwarebytes). Even worse, if the exploit is using a device on your network to send SPAM you could be blacklisted and unable to send or receive email. The process of clearing that up is much like dealing with identity theft in your personal life. It is a long and time consuming process that can stop one of the most critical functions of technology in the law firm – email services.

Generally as vulnerabilities are discovered patches are released so not every security flaw becomes an exploit. The best way to make sure that you are not leaving your network open to known flaws is to patch, patch, patch and never let down that vigilance – better yet set it on autopilot (Not Automatic Updates!) by considering our SimplicITy managed services.

Tags: , , ,

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Page 1 of 11

Leave a Reply