1. The Sophistication Check - Part I

Overview

There is an entire profession out there you likely don't know about called "security researchers." These individuals find vulnerabilities in well-known software and then submit them to the software manufacturer. The software manufacturer (e.g., Microsoft) pays these researchers for finding the vulnerability, and then promptly "patches" it. Once a vulnerability is reported and (sometimes) patched, it is published for the entire world to see with exact directions for how to exploit it. If you are not downloading and installing the "patches" for your software, you are drastically reducing the sophistication required for a hacker to get into your system.

EXAMPLE: The WannaCry ransomware attack was the result of a known vulnerability in Office that had already been patched by Microsoft months before the outbreak.

The Spot Check:

STEP 1: If you don't already know, determine which version of Windows or Mac operating system you are running

STEP 2: Search for and view your "Update History"

PASS: You are running a version of Windows 7 or newer / Mac 10.11.x (El Capitan) or higher and your operating system has installed an update in the past 4 months

FAIL: Your operating system hasn't installed an update in the past 4 months

SUPER FAIL: You are running a version of Windows XP or older / Mac 10.9.x (Mavericks) or lower

If you fail:

Your operating system is not automatically updating:

  1. Turn on automatic updates
  2. Have a conversation with your IT person about why they weren't already turned on. 
  3. Contact Ariento or another vendor you trust to get a vulnerability assessment to see where else you may be at risk.

If you super fail:

Your operating system is end of life (e.g., an older version of Windows like XP or an older version of Mac like 10.9.x Mavericks). This means Microsoft or Apple no longer supports your operating system and is no longer releasing patches for it, even for known vulnerabilities. THIS IS REALLY BAD!

  1. Have a conversation with your IT person about why you have an end of life system. 
  2. Upgrade to a more modern operating system immediately! Contact us if you need help as this is included with our service.
  3. Contact Ariento or another vendor you trust to get a vulnerability assessment to see where else you may be at risk and to provide you concrete recommendations for improving your security posture.

If you pass:

Repeat the test on any servers you have in the office. You may need your IT person's help, but look over their shoulder and DO IT WITH THEM, don't just ask them to report back.
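To repeat the Spot Check across several machines at once, the PASS / FAIL / SUPER FAIL rules can be applied to an inventory list. The script below is an added example, not part of the original check: the CSV layout, host names, versions and dates are constructed, "4 months" is assumed to mean calendar months, and versions that fall between the stated thresholds (Windows Vista, Mac 10.10) are reported as UNCLASSIFIED because the rules above do not cover them.

```python
import calendar
import csv
from datetime import date

# Thresholds from the PASS / SUPER FAIL lines above, as (major, minor).
# Windows reports kernel versions: XP = 5.1, Vista = 6.0, Windows 7 = 6.1.
PASS_MIN = {"windows": (6, 1), "mac": (10, 11)}
SUPER_FAIL_MAX = {"windows": (5, 1), "mac": (10, 9)}
MAX_AGE_MONTHS = 4  # assumption: "4 months" means calendar months
# Constructed sample inventory (hosts, versions and dates are made up).
SAMPLE_INVENTORY = """\
host,os,version,last_update
front-desk,windows,10.0.19045,2024-05-14
accounting,windows,6.1.7601,2023-11-02
kiosk,windows,5.1.2600,2014-04-08
design-mac,mac,10.9.5,2016-07-18
file-server,windows,6.0.6002,2024-04-30
"""


def months_before(day, months):
    """Date `months` calendar months before `day`, clamped to month length."""
    year, month0 = divmod(day.year * 12 + day.month - 1 - months, 12)
    last_dom = calendar.monthrange(year, month0 + 1)[1]
    return date(year, month0 + 1, min(day.day, last_dom))


def spot_check(os_family, version, last_update, today):
    """Classify one machine using the Spot Check rules."""
    major_minor = tuple(int(p) for p in version.split(".")[:2])
    if major_minor <= SUPER_FAIL_MAX[os_family]:
        return "SUPER FAIL"  # end of life: no patches are released at all
    if last_update is None or last_update < months_before(today, MAX_AGE_MONTHS):
        return "FAIL"  # nothing installed in the past 4 months
    if major_minor >= PASS_MIN[os_family]:
        return "PASS"
    return "UNCLASSIFIED"  # between the two thresholds, e.g. Vista


def check_inventory(csv_text, today):
    results = {}  # host name -> Spot Check result
    for row in csv.DictReader(csv_text.splitlines()):
        last = date.fromisoformat(row["last_update"]) if row["last_update"] else None
        results[row["host"]] = spot_check(row["os"], row["version"], last, today)
    return results


if __name__ == "__main__":
    print(check_inventory(SAMPLE_INVENTORY, date(2024, 6, 1)))
```

Leave the last_update column empty for a machine with no update history; it is then reported as FAIL.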

