IT Administrator Malpractice

Man looming at watch, laptop in background The most recent spread of ransomware shows a troubling trend. According to news sources, “Hospitals, major companies and government offices were among those that were badly affected.”

 Some opinions out there seem to consider such attacks as inevitable, or even due to bad policies, but this attack was preventable through standard maintenance practices.

 The people who have the job of maintaining these computer systems are guilty of malpractice. If they were held to the same standards as lawyers or doctors, there would be repercussions. Instead, they are too often viewed as heros for their valiant efforts to restore systems.

Individuals with PCs deserve a little more compassion, but even there, a certain level of responsibility is reasonable to expect. Look it up online or at least ask a geek to set up your updates and backups.

 Software updates must be installed in a timely fashion. The infected PCs were at least two months behind on updates. Negligent.

 Also, you should *never* have any data on a computer unless you are willing to lose it. If it is not at least double-backed-up, you are implying a willingness to lose that data. 

 Large IT installations should have some form of PC imaging system, making the restoration from a ransomware attack a simple, already rehearsed procedure. A bit time-consuming due to technical considerations, but a known process.

NEVER, NEVER, NEVER, EVER PAY A RANSOM!!!

 The only reason anyone ever has to pay a ransom is because they failed to back up their data. You encourage the hackers through your malpractice.

 There are other considerations too complex to explore here, such as why you chose to run Windows in the first place, so I will not go any further with this “blame the victim” tirade.

 I’m all for forgiving and learning from mistakes, but the first thing that must happen is to admit the mistake. If you were infected by this latest attack, somebody made a mistake.

 Computers are still complicated, and the threats are many, but it is easier than ever before to do the necessary maintenance tasks to avoid problems (most are automatic “set and forget” systems). Backups and patches are easy and cheap/free.

 It’s time to stop the silly mistakes that make such attacks worth attempting.