
Fun_Ad_9878 t1_j60f4wf wrote

Personally we were idiots. We had very weak passwords that were used on multiple machines and there were RDP ports open. Simply blocking the RDP ports by IP and then moving to a VPN with no ports open was enough. Then we set a different admin on each computer with a unique random password. IMO this is how they break in. They just find the next idiot. We are not talking about investing in security. We are talking about companies that just completely ignore security. We are just talking about basic things.

4

theanswar t1_j60fwt5 wrote

>We are talking about companies that just completely ignore security

Correct, because it's costly to even have someone on staff who manages it. Let the IT Admin also be the CISO... and the help desk... and the patch manager... and the hardware department... and software... you get the idea.

Very few school districts could afford a role for a security manager, as the board and parents would prefer the money be allocated to sports, teachers or programs.

3