Danger Will Robinson!
If like me you are not the youngest person in the room, you may remember when magazines used to give away disks with games on. (The younger readers will be shocked by this I know, even more so when I say they were not CDs or DVDs, but “floppy disks” - google it.) After dutifully removing all traces of the dreaded glue used to attach these to the magazine front, you would just load that disk up in your computer. We were told “viruses” were rare, hmm, that didn’t last long.
Once, I was sat in a team meeting and asked each member of the team to pass me any floppy disks they had as we suspected a virus was doing the rounds. In I popped each disk and every time a virus was found, my laptop played a tune, and much to my manager’s annoyance this was not something I could turn off.
Many weeks later I found someone had taken a disk from a magazine and formatted it to reuse, in the process infecting one of our central office machines, which everyone had subsequently put a disk into. Even without fancy networks, including the internet (which didn’t exist then!) we had a virus which had infected tens of PCs in a very brief period. I next invested in some floppy disk locks - a crude device, but it stopped the spread in its tracks.
As I write this blog, we are seeing the latest attack on the world’s PCs, and it has made me realise the only difference now is these things spread so much faster, but still we have crude mechanisms available to stop them, or at least prevent them. Software updates, anti-virus and the good old IT policies.
When I worked in a college, it was almost a daily battle over whether eBay and Facebook should be blocked. If they were blocked then some lecturers would complain that it affected their teaching, “Facebook is a social experiment that needs to be studied”, “we ask our students to order chefs’ knives from eBay”. Then we had the statistics showing the staff usage of these sites, one staff member I recall spent so much time on eBay it appeared as though that’s who they worked for.
Personally, I am all for each of us taking responsibility for our own actions - it’s not always straightforward for a company or institution to protect us from everything. Instead we are asked to abide by policies, rules and guidance. It’s all well and good telling the staff in a warehouse they must be trained to use the fork-lift truck, but you need each person to acknowledge that and not use it if they haven’t been trained. There must be clear consequences if the rules are broken; this is how we try to prevent accidents and mistakes.
We all know we should not open attachments in email from those we do not know, but we all do it. John McAfee was once asked about his use of email. He stated that if anyone sends him an attachment he just deletes the email without opening it. An extreme reaction maybe, but by a man who knew the problems far better than most - this was some 20 years ago. Many attacks nowadays are more sophisticated and may be almost impossible to avoid, but educating each other on the dangers is key to preventing the spread.
One time, at a Microsoft demonstration, they showed us “Phishing attacks”. We were all techies and could easily spot them, well, until the last one; that blew my socks off. None of us could see it was a fake website, and I’ll admit, I became scared. Then there was a “SQL Injection Attack”; I recall showing one of our directors how I could get all the contents of the student records system through a simple log-in screen. My point being we needed to be aware of these things; we had public-facing systems which made us vulnerable.
Sadly, recent attacks have shown that public bodies are more susceptible than ever before to ransomware attacks because (in simple terms) they have the least protection and are more likely to pay.
The simplest way in my opinion to avoid such situations becoming critical is backups. At least once a year I get a call saying a server has failed, all data has been lost, there are no backups, what do we do? I cannot stress enough, check your backups, check all your data is being backed up, check you can restore that data, check and double-check on a regular basis.
Ask yourself a simple question, it doesn’t matter who you are, what your job is, simply ask, “how much of my work can I afford to lose?”, an hour, a day, everything since the birth of time? Next talk to your techies, ask them how much they have allowed for right now, prepare for a shock, then explain what you need and why.
On the odd occasion that Facebook goes down - I know some of you don’t want to even contemplate that reality - how much do you panic? Me, not at all - hate the thing, work of the devil in my opinion - but take down my email and we are talking minutes at best before I melt down. Facebook have so many systems to prevent loss of your precious data, and yet it still happens. They are no different to you - they have users who do silly things, they apply updates that break things - that’s life. But what they do have is a plan for when things go wrong, an understanding of how much they can afford to lose and they test their processes regularly. Can you afford not to do the same?