What the Exchange vulnerability means to you
Here’s what we know.
The vulnerability was discovered by researchers in January, and Microsoft was alerted at that time. Last week’s patch included the no-longer-supported Exchange Server 2010, indicating this weakness has likely existed for more than 10 years. Once again, the old cybersecurity maxim applies – there are two types of companies – those who know they’ve been breached, and those who don’t know it yet.
What can you do?
Obviously running your patches immediately is essential. Additionally, running updated antimalware and antivirus scans after running the patches is a good idea. Finally, we recommend changing the server password and the passwords for the email accounts for all the users running through Exchange. While this isn’t a compromised credential type of weakness, it’s reasonable to assume a compromised server could have had user credentials lifted at some point in the past.
This points to a larger issue. If you’re still running your own Exchange server, it’s proving to be increasingly difficult to maintain its integrity. Businesses have moved to Office 365 and hosted solutions to reduce both their on-premise costs and risks. In the short term, moving to the cloud achieves both – greater security and less cost. In the long term, a hosted solution will cost more, but the purported security advantages should outweigh the increased costs.
If you haven’t done so yet, we encourage you to move to the cloud. Acentec can migrate you to Office 365 and we can host your other data and application needs at our world-class datacenter located in Phoenix, AZ, with co-location facilities worldwide.
It’s more important than ever to prioritize the cybersecurity of your organization. Our cyber-testing services can hack your network, track your employees, and identify your weaknesses before the bad guys do. Call us for details.
If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.
For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.
The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for weekly HIPAA Security Reminder to help stay compliant.