Microsoft patched 120 bugs this month.
17 of them are considered CRITICAL.
How can you be hacked – according to Microsoft:
Surely your users would not do any of these. Just kidding.
Some of the bugs are zero days and are actively under attack.
In some sense, this is not news. You’ve been dealing with this for years with your employees’ computers.
But now you have a new problem.
Your employees are working from home and at least some of them are using personally owned computers.
So back to the title. WHAT IS YOUR LEVEL OF CONFIDENCE THAT YOUR EMPLOYEES’ COMPUTERS (including those that are not company owned) ARE PATCHED AND UP TO DATE?
Whatever controls and processes you have in place for company-owned computers, are you sure that user-owned computers are also up to snuff?
Given that it takes bad guys around 24 hours to weaponize a patch, you really need to get your employees to patch their own computers. Quickly.
The recommended practice is known as 24/72. Patch zero day bugs (there are two of them this month) within 24 hours. Patch other bugs within 72 hours.
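A minimal way to check a device inventory against the 24/72 windows, as an added example that is not part of the original alert. The patch ids, host names, timestamps and inventory layout are constructed for illustration; a device that reports no patch data at all (typical for an unmanaged personal computer) is flagged as unknown rather than assumed patched.

```python
from datetime import datetime, timedelta, timezone

# 24/72 rule from the text: zero days within 24 hours, everything else within 72.
ZERO_DAY_SLA = timedelta(hours=24)
OTHER_SLA = timedelta(hours=72)

def audit(devices, patches, now):
    """Return {device: [(patch_id, status), ...]} for every patch that is not 'ok'."""
    findings = {}
    for name, dev in devices.items():
        for pid, patch in patches.items():
            due = patch["released"] + (ZERO_DAY_SLA if patch["zero_day"] else OTHER_SLA)
            if dev["installed"] is None:
                status = "unknown"          # device reports nothing: no basis for confidence
            elif pid in dev["installed"]:
                status = "ok" if dev["installed"][pid] <= due else "installed_late"
            else:
                status = "overdue" if now > due else "pending"
            if status != "ok":
                findings.setdefault(name, []).append((pid, status))
    return findings

# Constructed sample data (hypothetical patch ids, hosts and times).
RELEASED = datetime(2024, 1, 9, 18, 0, tzinfo=timezone.utc)
def hours(n): return RELEASED + timedelta(hours=n)

PATCHES = {
    "FIX-A": {"released": RELEASED, "zero_day": True},
    "FIX-B": {"released": RELEASED, "zero_day": False},
}
DEVICES = {
    "corp-laptop-01": {"owner": "company", "installed": {"FIX-A": hours(6), "FIX-B": hours(30)}},
    "corp-laptop-02": {"owner": "company", "installed": {"FIX-A": hours(40)}},
    "home-pc-01": {"owner": "employee", "installed": None},   # unmanaged, no inventory
    "home-pc-02": {"owner": "employee", "installed": {}},     # reports, nothing installed
}

if __name__ == "__main__":
    for host, items in audit(DEVICES, PATCHES, now=hours(48)).items():
        print(host, DEVICES[host]["owner"], items)
```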
With many services being web based right now, even if you give employees a company laptop, that doesn’t mean they won’t use their own computer unless you lock them out from doing that.
Microsoft offers a paid service called conditional access which allows you to restrict access to, for example, only domain joined computers. That only works for accessing Microsoft services. Single Sign On services like Ping and Okta also offer similar services but cover way more web sites.
Absent something LIKE that, assume employees will use the most convenient computer – even if that belongs to their 12-year-old kid. No telling what might be on that computer :).

Credit: The Hacker News