General Cyber Security Reminder
With recent news reports of the WannaCry ransomware worm, MidCo wanted to take this opportunity to send a general reminder to take some time to review your various systems and their associated software and firmware versions; be sure that your systems are operating at the most current release and to check to see if any additional patches may be required.
Systems which should be reviewed:
- Client and server operating system patches, and software and hardware such as:
- Voice (VoIP)
- Access Control
- Security Camera firmware and application software
- Wireless Access Points
- Network Switch firmware
Don't believe MidCo? Then take a moment to read the press release from the U.S. Department of Homeland Security:
Cyber Hygiene: Everyone's Responsibility
Per the U.S. Department of Homeland Security
A commitment to cyber hygiene and best practices is critical to protecting organizations and users from cyber threats, including malware.
In advice specific to the recent WannaCry ransomware threat, users should:
- Be careful when clicking directly on links in emails, even if the sender appears to be known; attempt to verify web addresses independently (e.g., contact your organization's help desk or search the Internet for the main website of the organization or topic mentioned in the email).
- Exercise caution when opening email attachments. Be particularly wary of compressed or ZIP file attachments.
- Follow best practices for Server Message Block (SMB) and update to the latest version immediately. (See US-CERT's SMBv1 Current Activity for more information.)
U.S. Department of Homeland Security: General Best Practices
For general best practices on patching and phishing, users should:
- Ensure that your applications and the operating system have been patched with the latest updates. Vulnerable applications and operating systems are the targets of most attacks. (See Understanding Patches.)
- Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
- Avoid providing personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information.
- Avoid revealing personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent by email.
- Be cautious about sending sensitive information over the Internet before checking a website's security. (See Protecting Your Privacy.)
- Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use the contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from anti-phishing groups such as the APWG.
Schedule Your Software Upgrade Today!*
For those clients currently covered under a MidCo software maintenance contract, MidCo invites you to schedule your system software upgrade today.
Please email firstname.lastname@example.org to schedule your upgrade.
For those clients not currently covered, please email email@example.com to request a quote!
Purchasing Software Support keeps your system in compliance with the manufacturer, eligible to receive upgrades and security patches, technical support, and new feature notifications.
Please visit www.midcosystems.com for more information.
*Please note, your computer hardware must meet minimum operating specifications to receive the upgrade. Should minimum computer specification not me met, charges may apply.