I have a friend who has had her work computer repossessed for the second time due to an infection in their system. She says it came in via email (don't most of them?) the day before Christmas, and she did not open it. Now she is being told every computer and server in their system is infected. Is this possible? I guess it is. How does something like this happen? Don't most organizations run some type of high-dollar anti-virus?
I am just kind of curious about this. When we had one of these slip through, it only infected the machine the email was opened on (so they say).
bob
Only two options. Her PC did run the virus (sometimes preview will work) or someone else ran the virus.
Having been in this place, it's not exactly easy. When I first started at my present company, I was in the middle of doing an "InfoSec 101" implementation; the budget was approved, but the money was tied up due to our acquisition. We got hit with Cryptolocker. The IDS on our router stopped it from talking back to the botnet, but it did take down a bunch of server files. We elected not to let Cryptolocker talk to the botnet and pay the ransom, and recovered from backup. The company was running BitDefender on all PCs, but no centralized patching.
Good security is actually easy. Great security is hard.
How to secure an SMB network:
- Have a firewall (you'd think this would be obvious...). Examples: Ubiquiti EdgeRouter Lite, MikroTik, SonicWall.
- Have some way to push OS patches. Examples: WSUS, GFI LanGuard, wpkg.org.
- Have some way to push application updates. Examples: PDQ Deploy, Ninite Pro.
- Have a decent antivirus, with centralized control. Example: Kaspersky.
- Monthly reboots are a good idea. Examples: PsShutdown or shutdown /i.
- Rapid recovery (disk to disk to tape being the best). Example: Veeam.
- Either scan your incoming email or pay someone else to do so.
There's a possibility that said virus came in on a thumb drive, a burned CD or DVD, or a visiting laptop.
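As an added example (my own script, not something from the poster above), here is a PowerShell audit that checks a list of Windows hosts against several of the checklist items: uptime against the monthly-reboot goal, the age of the most recent installed update, any firewall profile that has been switched off, and whether an antivirus product is registered at all. The host names are placeholders; it assumes PowerShell remoting (WinRM) is enabled on the targets, that the account running it has local admin rights there, and that the targets are Windows 8/Server 2012 or newer (for Get-NetFirewallProfile). The root/SecurityCenter2 antivirus query only exists on workstation editions, so servers will show an empty AntiVirus column and should be checked by other means.

```powershell
# Added example: SMB hygiene audit over PowerShell remoting.
# Host names below are hypothetical placeholders; replace with your own.
param(
    [string[]]$ComputerName = @('PC01', 'PC02', 'FS01'),
    [int]$MaxUptimeDays  = 30,   # "monthly reboots"
    [int]$MaxPatchAgeDays = 45   # flag hosts with no update installed in this window
)

# Collect raw facts from each host. Unreachable hosts are reported separately below.
$report = Invoke-Command -ComputerName $ComputerName -ErrorAction SilentlyContinue -ScriptBlock {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $uptimeDays = ((Get-Date) - $os.LastBootUpTime).TotalDays

    # Most recent hotfix with a recorded install date (Get-HotFix only sees KB-style updates)
    $lastPatch = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1 -ExpandProperty InstalledOn

    # Any of Domain/Private/Public profiles that is disabled
    $fwOff = (Get-NetFirewallProfile | Where-Object { -not $_.Enabled }).Name

    # Registered AV products; namespace is absent on server SKUs, hence SilentlyContinue
    $av = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
          -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Host           = $env:COMPUTERNAME
        UptimeDays     = [math]::Round($uptimeDays, 1)
        LastPatch      = $lastPatch
        FirewallOffFor = ($fwOff -join ',')
        AntiVirus      = ($av.displayName -join ';')
    }
}

# Turn facts into findings against the thresholds
$findings = foreach ($r in $report) {
    $issues = @()
    if ($r.UptimeDays -gt $MaxUptimeDays) {
        $issues += "uptime $($r.UptimeDays)d exceeds $MaxUptimeDays"
    }
    if (-not $r.LastPatch -or $r.LastPatch -lt (Get-Date).AddDays(-$MaxPatchAgeDays)) {
        $issues += "no update installed in the last $MaxPatchAgeDays days"
    }
    if ($r.FirewallOffFor) { $issues += "firewall disabled for: $($r.FirewallOffFor)" }
    if (-not $r.AntiVirus)  { $issues += "no antivirus product registered" }

    [pscustomobject]@{
        Host     = $r.Host
        Status   = if ($issues) { 'ATTENTION' } else { 'OK' }
        Findings = ($issues -join '; ')
    }
}

# Hosts that never answered are a finding too: an offline or un-managed box
# is exactly the one that misses patches and AV updates.
$unreachable = $ComputerName | Where-Object { $_ -notin $report.PSComputerName }
foreach ($h in $unreachable) {
    $findings += [pscustomobject]@{ Host = $h; Status = 'UNREACHABLE'; Findings = 'no WinRM response' }
}

$findings | Sort-Object Status, Host | Format-Table -AutoSize
```

Run it from a management workstation as a domain admin (or an account in the local Administrators group on each target); hosts listed as ATTENTION or UNREACHABLE are the ones to look at first. It does not replace WSUS or a central AV console, but it is a quick way to spot the machines that have fallen out of those systems, which is usually where an outbreak like the one described above gets its foothold.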