A recent security issue impacting organisations using Microsoft Exchange Server has highlighted the importance of keeping your computer and computer network - including its operating system and the applications you have installed - up to date.
Cybercriminals frequently use security weaknesses in computer software to get access to your computer and the information on it. They can exploit these weaknesses to deliver, install and run malicious code, and get access to your emails and other information to steal it or hold it to ransom.
This is why a process called “patching” or vulnerability management - essentially keeping your operating systems and applications up to date - is an important protective measure to keep your business and customers safe.
Microsoft Exchange - what happened?
Many of us access our emails using the Microsoft Outlook application. However, many organisations manage these email services and other collaboration features using a more powerful product, Microsoft Exchange Server. There are two versions of Microsoft’s Exchange Server product: Microsoft Exchange and Exchange Online. The Microsoft Exchange version of this product will normally be installed on computers on your company network and be self-managed by your company, while the Exchange Online product is accessed from a “cloud” environment - a virtual environment which doesn’t require software to be permanently installed on a specific computer on a network. The Exchange Online version is managed by Microsoft.
A recently discovered security weakness in the Microsoft Exchange product (not the Exchange Online version) has meant that cybercriminals have been able to access and cause damage to the computer networks of multiple organisations who haven’t updated their software yet. The Australian Cyber Security Centre has provided more information about this security vulnerability and what you need to do to protect yourself and your business.
Given the plethora of items in our homes and businesses that are now internet-connected, it’s essential to think beyond phones and computers when it comes to updates, and consider other things that may also require regular updates, such as smart watches, internet routers, security systems, point of sale terminals, heating and cooling systems, refrigerators and even possibly the fish tank1.
Just like a car thief scans a shopping centre carpark for unlocked doors, cybercriminals scan the internet for organisations that have not fixed security vulnerabilities, so it’s essential that you are in the habit of routinely updating your computer software to deter a cybercriminal.
Keeping it clean – tips for keeping your internet-connected devices up to date
- Ensure that you’re running the latest version of your operating system (eg. Windows, macOS, iOS or Android) on all your computers, laptops, tablets, phones and any other internet-connected devices; consider upgrading or replacing devices that can no longer be updated to newer models.
- Ensure that you’re running the latest version of any applications installed, and uninstall any applications that are no longer needed.
- Switch on automatic updates for your operating systems and applications if they’re available. You may wish to refer to the Australian Cyber Security Centre's guides on how to do this.
- Create an inventory of all of your internet-connected devices and the software (operating systems and applications) running on those devices and periodically review this list and when they were last updated.
- Monitor for potential threats and be ready to install updates as soon as they become available.
For more guidance on how to manage vulnerabilities, refer to further information published by the Australian Cyber Security Centre.