The NHS Ransomware Attack – What We Can Learn
Until the attacks last month, most people would have imagined NHS IT infrastructure to be impregnable, and that untold budgets and resources would be thrown at security because of the sensitive nature of the data held on it. Indeed, most would not for a moment have imagined that significant parts of the NHS could be brought to their knees by a computer virus attack.
The most surprising fact to come from the attacks was that some 5% of NHS computers were still running Windows XP. As with many businesses still running out-of-date operating systems, the reason for the lack of an upgrade probably wasn’t the cost of the upgrade itself; more likely it was a legacy application which may not run, or may not have been tested, on newer operating systems.
What’s clear now, though, is that it must be a priority for any organisation to upgrade older operating systems no longer supported by Microsoft. If applications are still in use on these machines then these too may need to be tested or upgraded on a newer operating system, or in some cases it might be possible to isolate the machine from the internet, reducing the risk of it being used as the door to attack your entire network.
In the case of many of the machines infected on the NHS networks, a patch was available to protect the machines, but it simply hadn’t been installed. So the other lesson which became obvious from the NHS attacks was the need to ensure that even newer operating systems and software are kept up to date too. It’s vitally important that security patches made available by Microsoft and other software vendors are installed, thus lessening the opportunity for an attack.
Collectively the NHS is one of the largest organisations in the world, so it’s obviously easier for much smaller businesses to implement the lessons to be learned from the NHS attacks; indeed, this should be done immediately. Whilst it may at times seem like there isn’t anything to show for money spent on IT security, there being physically no new machines to look at etc., attacks are becoming more common, and many organisations are now finding, after experiencing the high cost to a business of sorting out issues after an event, that it is instead viewed as money very well spent.
For a review of your operating systems, applications and the security across your IT infrastructure, call Rod at RML on 01223 873747.
