Ransomware defense begins with an up-to-date operating system, an up-to-date browser, and up-to-date patches. For a single user, that’s relatively easy to achieve. But schools and universities must manage a large number of devices. While tools exist to help upgrade, update, and patch systems at scale, too often administrators leave things alone. In the real world we see out-of-date, unpatched software more than necessary. So review the following items to reduce your ransomware risk wherever possible.
Microsoft system requirements list Windows 7 Service Pack 1 as the oldest desktop operating system suggested for Office 365. Remember, though, that Microsoft first released Windows 7 in 2009, and that mainstream support for it ended in January 2015.
The first step is simple: run Windows 10 to reduce your ransomware risk. Microsoft found that “devices running Windows 10 are 58% less likely to encounter ransomware than when running Windows 7” in a “Ransomware Protection in Windows 10 Anniversary Update” report.
Microsoft built Office 365 to work with a variety of browsers, including Chrome, Firefox, and Safari, as well as Internet Explorer and Microsoft Edge. If you deploy Chrome, Firefox, or Safari in your environment, make sure these stay current, as well. Google updates Chrome about every six weeks, while Mozilla releases a new version of Firefox roughly every six to eight weeks. A once or twice-a-year browser deployment leaves people needlessly vulnerable to known and patched problems.
Of Microsoft’s two browsers, choose Edge to reduce ransomware risks. Edge lacks support for some legacy features, such as ActiveX, that increased the potential for security problems in Internet Explorer. If you use Internet Explorer, upgrade to Internet Explorer 11, which will run on Windows 7 Service Pack 1 systems and all newer Windows operating systems. Both Edge and Internet Explorer 11 offer SmartScreen Filters to help guard against malicious sites and downloads.
Finally, while it may seems obvious, apply patches promptly. Ransomware and other malware pursue multiple paths around defenses—so it’s not enough to just update to devices monthly. An unpatched laptop that connects to your network, servers, or OneDrive today, may deliver malicious code to encrypt every file it can find tomorrow. So patch promptly.