Been Quiet...

I've been a bit quiet the last few days and for good reason. Like most people in working bands, I have a day job and mine is as head of system security for a health charity. We look after pretty much anyone who needs help, try to catch the people who fall through the gaps in the NHS.

We bid for (and win at times obviously) NHS contracts to run services. We bid against the big players you'll have heard of, but the difference is that all our profits go into our charity arm.

Anyway, unless you've been living under a rock you'll know there's been a massive international malware attack which brought the NHS to its knees and a number of other health providers. I noticed something early part of last week and just did some due diligence making sure we had things set right, so when it hit we were unaffected. I was asked to make the call about our response. Do we take our systems offline to fully protect ourselves?

I said No. If our systems go offline, real people are affected, we can't arrange places for the homeless, people will not be able to get their treatments, and worst case scenario, people die.

It was a tough call but I think I only had one option , keep everything running. This has meant very little sleep for the last few days, constantly checking everything, bringing new security elements online ahead of schedule and making sure none of our live systems were affected.

I only have a team of two and very little budget, but good design and a pragmatic approach means that so far we have been safe.

There's no room for complacency and I'm not patting myself on the back. We made it this time but the attack will be more sophisticated next time so we need to do even more to be prepared for it.

This has meant not much time for music and guitars, but I never have a day when I don't play, and I've been working on pentatonic variations, the kind that make you go *ooooooh* when you hear them. Simple but effective (like the security).

I'm thinking about putting some video lessons (or maybe less lessons but demonstrations) into the blog to show what I'm talking about. In text it's all a bit abstract so the video might help.

Anyway, adiós for now, time to check those servers and logs....

By the way, at home please use up to date endpoint protection. If you get an email with a link or file and you were not expecting it, just delete it, that's how all this started, and the emails will come from your friends, your work, places you know because they've been compromised as well. Consider Santander, NHS, big names, don't assume any company is safe. Deleting is better. Even better, set up an autoreply when there's an attachment pointing to online (OneDrive, Dropbox all have free options) storage and tell people to put the attachment there instead. Make it so they can write but not read to keep other files safe. Then check it from your PC using your protection, if safe download it and delete the one on the drive.

Ask yourself, if all your documents and pictures were encrypted so you couldn't access them anymore and a ransom was demanded what would you do? Just don't put yourself in that situation, take a bit of care please!

Comments

Post a Comment

Popular posts from this blog

Still No Carlos

Sad day

Bit of a clear out...