Guidance for SharePoint Security

17th May 2017

Security is a hot topic – think about last week’s WannaCrypt attack. Many businesses around the world were victims, affecting over 100,000 machines in 100 countries within 24 hours. Protecting data, whether On-Premises or via the cloud, is on every organisation’s agenda.

In March this year, Microsoft released a security update which addressed the vulnerability of such attacks. For those who have Windows Update enabled, they were fortunately protected against attacks on this vulnerability.

Attacks of this nature may evolve over time so it is essential that an organisation takes the time to ensure they are running a supported version of SharePoint. Many Microsoft customers may still be running a version of Windows that no longer receives mainstream support.

What does WannaCrypt do?

In its basic form, WannaCrypt can replicate itself and spread to other machines on your computer network, making it a hybrid ransomware programme. Infection is spread via SMB (Server Message Block) protocol which is used to communicate with other file servers across a network. The programme then encrypts most of the files on a machine and a payment demand appears on the screen. Access to files may be lost forever if the demand for payment is not met.

Crucial Tips for SharePoint Security

There is high probability that other vulnerabilities may become exposed and exploited. Make sure you take the right steps to protect your business from future attacks:

  1. Keep your organisation’s security software patches up to date.
  2. Check to make sure your Windows operating system is current and supported. Microsoft recommend upgrading to Windows 10 as it’s equipped with the latest features and proactive mitigations.
  3. Ensure your email and web security can block malicious emails.
  4. Make regular backups and keep them secure.
  5. Consider adding a rule on your firewall to block incoming SMB traffic on port 445.
  6. Exercise caution when opening email attachments and clicking on web-links.

It is also important to check the knowledgebase articles (KB article) for the updates as in some instances you may not be fully patched without performing a manual SharePoint product upgrade.

Note: Microsoft also releases Cumulative Updates for SharePoint, however these are collections of hotfixes and are not recommended for production environments unless they resolve a specific issue you are experiencing and you have fully tested the update on your own testing environments.

If you are in any doubt please contact igroup and ask about our Healthcheck product and support services. The healthcheck product involves us checking your farm’s patch level and checking that your environment is in a supported state. Call a member of our team today on 0207 099 0632 or email hello@igroupltd.co.uk.

Call now on 0207 099 0632 to speak to a member of our team

Call Us Now