Over the last several weeks, Microsoft has been dealing with a sizeable exploit with the ability to attack any desktop, 笔记本电脑和服务器. 在GO科技集团, we’ve been actively updating and patching systems to help our clients deal with this threat.
We’re also monitoring all Microsoft communication around this issue hourly.
Based on what we have learned so far, here are some things to share with your employees to reduce the risk of ransomware, phishing and other cybercriminal attacks.
打印机的安装 & 更新
The exploit allows hackers to get into any computer on your network and run software on any other computer, 包括服务器, without administrator passwords.
This is particularly dangerous because any user could potentially allow a hacker onto their machine using a phishing campaign in an email. Once access has been obtained, the hacker can run software on a server, gaining full access to your network and the ability to steal data, 建立 ransomware on the entire network, and bring down your business for days, if not weeks.
This is why it’s critical to inform your employees to be vigilant about any email requests related to printer information or printer updates. Have employees who receive such emails contact IT support before doing any installation of any sort so that we can confirm that the request is legitimate and not a phishing or ransomware attack.
Any request to install or do any IT-type changes in an email that comes from anyone other than an internal IT team or managed IT services provider should be viewed as suspicious. It is extremely rare for a user to get such a request in the first place. It is imperative that users learn to be thoughtful and cautious about clicking any links within emails.
To help mitigate phishing email attacks, do not open attachments from anyone that you do not know. If you’re unsure, call the person to validate the email. Do not click on links in emails from anyone you do not know.
在一般情况下, be extremely careful with attachments and links even from people you do know as their account may have been hacked and could be sending out malicious emails. If you accidentally click on a link that you think may be malicious, immediately turn off your computer and contact IT support.
We recommend that you limit employee access on company devices to work related websites known to be safe. Over the last several months, even “reliable” websites have been hacked, with links in them pointing to 恶意云顶集团, 病毒, 等.
Many employees use a personal device at home that isn’t managed by your organization. Accessing resources in the office from these devices can serve as a gateway to your technology infrastructure and put all of your electronic documents and data at risk.
To mitigate these 远程访问 risks, make sure to log off of it when you aren’t working. If you use webmail, limit access to that page from your personal device. If you can, use Outlook or another mail client instead. 最后, do not use VPN on a non-company deployed device; IT support can provide you 远程访问 to a desktop in the office as a safer method
Please share these tips with your team. Vigilance is a key line of defense in keeping your network safe.