Why its worth investing in computer backup and adopting best practices

Yes World Backup Day (March 31) is a thing and we have missed it!

Putting a little time and effort into a computer backup strategy and updating your Disaster Recovery policies is never time wasted.
For many firms, data backup plans are like insurance policies: They live in the hope they’ll never really need them, every pound and every hour invested is done reluctantly.
Any organization that finds its systems going offline for any length of time and its vital data rendered inaccessible will act as testament to the reality that good backups are vital and failure to backup and test may be fatal to the business.
Consider these sobering statistics from the US: 93 percent of companies that lost their data center for 10 days or more during a disaster filed for bankruptcy within one year of the disaster (National Archives & Records Administration); and of companies that suffer catastrophic data loss, 43 percent never reopen and 51 percent close within two years (University of Texas).
With those stats in mind, lets not wait for next years World Backup Day to review our processes.

The 3-2-1 Computer backup strategy

The classic computer backup strategy revolves around what is known as the 3:2:1 formula
Typically this means you should at a minimum; Have at least three independent copies of your data. Store the copies on two different types of media. Keep one backup copy offsite.
Backup shouldn’t purely be about being able to resurrect data in the event of a disaster, it is an opportunity to give users additional functionality such as the opportunity to roll documents back through previous versions by taking snapshots at frequent intervals.
So with this in mind we are currently working with our partners at Datto to provide our customers with solutions that bring real resilience and functionality to companies of all sizes.

Disasters come in all shapes and sizes, how will your computer backup and Disaster Recovery plan shape up?

How much confidence can you have in your computer backup strategy if you are unable to demonstrate its effectiveness before disaster strikes.

For most businesses checking the veracity of the backups, making sure they can be restored is an ongoing worry and one you can’t afford to avoid.

You don’t want to wait until you have a major hardware failure to find out if your existing backup solution is effective!

We have partnered with Datto as their solutions ALTO & SIRIS will give you complete confidence in your backups, as it comes with their unique screenshot verification process that positively demonstrates the successful ability to do a restore.

Because disasters come in all shapes and sizes, Datto have developed ALTO backup technologies specifically to give SME’s a viable Disaster Recovery (DR) option.

Talk to us at Tamite Secure IT about how a flexible DR plan can cover everything from major system failure, modern Ransomware and of course the more mundane flooding, fire or accessibility.

ALTO not only offers remarkably good backup functionality but also the ability to virtualise your infrastructure using Datto Cloud or locally on the SIRIS device, so now your down-time is effectively reduced to seconds.

datto ALTO computer backup          ALTO 
A business continuity solution that delivers enterprise-grade functionality
at a small business price.

Top Tip : Did you know that even Microsoft recommend you backup your Cloud Office 365, we provide a solution for this as well.

Top Tip : You should extend your backup & resilience strategy to include your full network and key devices in order to maintain access to your data, the Internet and your Cloud services.

Top Tip : Check that your backup policies are compliant and conform to regulation such as GDPR.

Call Richard to arrange a FREE Backup strategy review 0800 088 7201.

Use our online calculator to see the real cost to your business of extended down-time to your business.

Working from home advice and how to evolve your business to cope.

Working from home advice and the big picture.

Home Office working has become standard practice for many businesses these days, its not just corporates. Home working can work just as well for SME’s and Micro businesses.

We have seen research from Gartner that confirms what most of us had suspected.

The research suggests that businesses are in the process of evolving new approaches to cope with work during and post COVID-19 pandemic.

The study found that 82% of business leaders say their organizations plan to let employees continue to work from home at least some of the time, while 47% plan to allow employees to do so permanently.

So if you are in the 82% Virtualisation of the work environment Desktops and Servers along with upskilling the work force with the vital Security Awareness training.

We will provide your businesses with the tools you need to manage the new “Hybrid Work Place” (I love a new buzz word (Hybrid Work Place) ie. the office and home).

By reducing reliance on expensive hardware, reducing support costs, providing flexibility and maximizing capacity, the case for virtualization is a compelling.

Working from home advice

Virtual Desktops & Servers

  • Flexible, access it from anywhere.
  • Reliable, 99.9% uptime.
  • Cost efficient, Reduce support costs, hardware costs, experience less business interruptions.
  • Scalable, Add or remove Servers and Desktops on demand.
  • Secure, Ensure your Data is always backed up, your Services and Data are Secure.
  • Compliance, ticks the boxes and more.
  • Costs, are predictable.

Working from home advice #WorkCyberSmart

Cyber criminals are targeting the home workforce with highly targeted Phishing campaigns.

Working from home advice#1 Provide online training to all staff so they are equipped to spot the scams.

Its not expensive or difficult to put in place.

Working from home advice#2 Use existing technology to decrease the chances of your home or office based employees falling victim and putting your business in jeopardy.

Get the most from your Office 365 subscription, Exchange Email has advanced security policies that need to be configured to protect you.

When it is configured correctly 365 will take out a high proportion of spam malware and Phishing attacks before they reach you.

Working from home advice#3 Home workers need to be incorporated into your backup scheme.

We are experts getting the most from your new flexible workplace, give us a call now or use our contact form.

Safely working from home tips #1

Safely working from home tips, thinking and planning beyond the Pandemic.

During the Pandemic we have been assisting many of our customers to get up and running from home, as a result we have put together some helpful guides and used them to create these Safely working from home tips.

Working from home has often been discussed within businesses but often has not been put into practice with any great enthusiasm. Companies and employees have been aware of the possibilities but in many cases skeptical of the idea of home working.

However the actual experience of home working much of which has come from necessity has changed perceptions.

According to a recent survey the majority UK office workers do not want to return to normal workplaces and hours as the reopening of the economy gathers pace.

The poll indicated that many staff who can work remotely are comfortable doing so, and almost two thirds claimed to be worried about virus risks on public transport.

The survey of 2,000 staff by Theta Financial Reporting, a chartered accountancy and consultancy firm, explored how the pandemic has hit employers hard and overhauled working practices.

While both sides may have been originally resistant to the concept, in practice both employees and businesses are realizing that Home Working correctly implemented  brings real benefits.

Working from home tips, some of the common solutions.

As a result of Lockdown and the Pandemic home working has become the new normal, initially it was a business necessity, although for many of us it has become our preferred way of working.

Of course how you go about Working from home will to an extent depend on your existing IT infrastructure.

I’m a great believer in the old adage that “out of adversity comes opportunity”, now might be a good time to grasp the opportunity to look at those systems to see if they fit the new model.

You might even stop ignoring those annoying Microsoft Teams pop ups and decide to find out what Teams is all about.

There are four obvious contenders apart from trying to get bye using your home PC and these are;

Working from home tips #1. Working from home tips - RDS

Remote access to your Desktop, remotely accessing your work desktop can be relatively simple to achieve but maybe more challenging to do it securely.

Within the Microsoft Windows OS there is a Remote Desktop option and if you are running a server environment it can be managed through the Server.

As an alternative there are various commercial applications that can be installed, you will probably have seen your IT Support using something similar.
Examples are GotoMyPC, VNC and Logmein.

Working from home tipsWorking from home tips #2.

Virtual Servers and Desktops are becoming very common, we are actively providing DaaS to many businesses notably Accountancy practices and Financial Services where they increasingly need to demonstrate their Data Security credentials; in many cases they have distributed and mobile work-forces.

Desktop as a Service resembles the old 1980’s mainframe environment in that the PC you work from has very little to do, those of you old enough to have worked in that era will remember the term “Dumb Terminal”.

Your local PC does very little, it has only one function, that is to give you access to your Hosted Virtual Desktop.

That is where similarities end however, the Hosted Desktop has all the functionality of your familiar Windows 10 Office Desktop both quicker and more reliably and of course you can access it from anywhere.

Desktop as a Service (DaaS) provide a great user experience, enabling you to concentrate on running your business from wherever you need to be. In your home, on the road or in the office.

It really is all about efficiency, convenience and flexibility while still having access to all the applications and functionality you had in the office.

Now is the time to look at how your systems need to evolve going forwards, as the new reality can also offer new ways of realizing efficiencies, real cost savings as well as the step change in security necessary for the modern business.

The Windows virtual machine is;
• Flexible, access it from anywhere.
• Reliable, 99.9% uptime.
• Cost efficient, Reduce support costs, hardware costs, experience less business interruptions.
• Scalable, Add or remove Servers and Desktops on demand.
• Secure, Your Data is always backed up, your Services and Data are Secure.
• Costs, are predictable.

View our White Paper on Hosted Desktops v Traditional IT

Working from home tips #3.

The third option is the VPN or Virtual Private Network, this creates an encrypted connection back to your Office and gives you secure access to your folders, documents and in some cases applications.

It isn’t really our preferred option for Home Working if you are looking to run it from your home PC although it can be very secure it has limited functionality and is complicated to setup correctly.

Working from home tips - Microsoft SharepointWorking from home tips #4.

Office 365, Sharepoint and Teams is a very powerful solution that also works well with Desktop as a Service.

Sharepoint allows your company to make  documents available in a manageable and secure manner.

Office 365 / Teams combines many of the Social features such as Business Skype, Email and Chat boards to create a powerful collaboration suite ideally suited to bringing together groups of workers.

Microsofts Teams seems like a concept that has been looking for a market and ironically the Pandemic would appear to have furnished one.

Although I wouldn’t go as far as to condone the conspiracy theories that claim Bill Gates is behind the Virus.

Talk to one of our experts on the advantages of moving to Windows virtual machine and how it will benefit your business

In our next Blogs we will discuss how you can layer security and extend it into the Working from Home environment and how to create a backup strategy for the new reality.

Home Working how to do it safely.

Putting in place your company policy to deal with a Disaster Recovery situation.

I have been assisting one of my customers with aspects of their Disaster Recovery Plan, this has been brought into focus because of the present situation with Coronavirus.

Understanding possible scenario’s and planning a response is not scaremongering it’s what mature forward thinking businesses are doing right now.

The possibility that significant portions of your work force could be effected by either contracting or coming into contact and having to go into self imposed quarantine for a period and how to minimise the risks to people within your organisation.

My customer has made plans to run his business with a minimum staff on site and we are actively checking that as many as possible of the companies key functions can be performed by staff working from home.

One of the urgent considerations is ensuring that staff are trained to be able to function safely outside of the office enviroment and so we are currently updating their Cyber Security training.

Coronovirus UK Government Guidance For Business

Coronovirus UK Government guidance for businesses is that they should have business continuity plans in place to cope with the current Coronovirus pandemic.

As usual official government policy is you are on your own. So how is your business planning to cope with a large proportion of the workforce being home based?

We have been actively working with our customers to ensure they have an effective Business Continuity Policy to cover the likely scenarios likely to be encountered by businesses as a consequence of the Coronovirus pandemic.

In the next few weeks it is likely that businesses will need to put in place their DR policy to enable the company to continue functioning when for one reason or another employees are not able to come into work. It is estimated that around 25% of the UK workforce will be affected.

The Current Coronovirus UK Government guidance.  

The reasons this will happen are not restricted to infection or quarantine restrictions.

In the next few weeks anyone who is feeling even slightly unwell will be expected to self-quarantine.
Schools will start to close and childcare will become an issue.
It may be that as a precautionary measure you as a business decide to only have key members of staff on site and the majority of staff work from home to reduce the chances of infection by limiting face to face contact.

There are four main areas where you need to concentrate your planning to successfully implement your Business Continuity Plan.

  1. Communications: Telecoms services, Staff communications, email etc.
  2. Key Applications and access to documents.
  3. Training to work safely in the home environment without compromising your businesses security.
  4. Managing you supply chain.

We are able to assist you with all of these aspects and they can be put into place surprisingly quickly.

Coronovirus UK Government guidance for businesses get your plan ready now

Top Tip

One of the best ways your a business has for preventing the spread of disease in the workplace is to have a comprehensive remote work strategy.

Your busines continuity plan should ensure all users can securely access the tools they need to work remotely.

This will include access to business systems including HR, payroll, ERP and CRM; communications and collaboration tools; as well as email and business critical files.

Put in place training, including computer security training now to prepare your work force to operate safely from home.


Today is Safer Internet Day

Safer Internet Day is the ideal opportunity to do your-self, your business, your children and family an enormous service.

Become informed about safety on the Internet this year.

11th February 2020 is Safer Internet Day

Doubtless like mine your children will be being told about Safer Internet Day.

Across the UK at the school assembly and in many cases as at my child’s school, they intend to cover e-safety.

In schools across the UK Children will take part in a number of activities in around the global theme of ‘together for a better internet’.

Your child’s school will encourage them to explore how they manage their online identity, this leads on to how the internet shapes how they think of themselves and others.

To be honest this is a message we should all be taking on board whatever our ages.

By championing Safer Internet Day we at Tamite are doing our bit this year. We are making training and providing information to our customers and followers the top priority for our business.

This is an area of life where a little knowledge isn’t dangerous but ignorance certainly is.

Being informed about safe usage and avoiding the pitfalls isn’t really that hard. Like anything that is of value you need to devote some time to it.

We can show you how, by devoting one hour per month to computer security. By next year you will be making your contribution to a Safer Internet and maybe even be one step ahead of your children for once.

Sign up today to our Project 360-Five


Marriott & BA GDPR fine

UK ICO shows its teeth with record breaking fines for GDPR breaches at Marriott & BA

By serving up the BA GDPR fine of £183m & following up with £99m for Marriott the UK ICO has signaled its intent to punish transgressions where Personal data has been put at risk.

The fact that the initial reaction from both BA & Marriott is that the fines will be contested only confirms that the new punitive approach is having its desired effect, both companies have questioned the size of the proposed fines.

The signal being transmitted by the ICO is that making sure data security, especially where it is in the context of protecting Personal Data is taken seriously within organisations.

BA’s squeals that the fine is excessive as nobody has provably suffered damage as a result of the breach will probably not prove a defensible position.

The Information Commissioner Elizabeth Denhams’ statement on the BA GDPR fine : “People’s personal data is just that – personal. When an organisation fails to protect it from loss, damage or theft, it is more than an inconvenience.

“That’s why the law is clear – when you are entrusted with personal data, you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

The fact that the fine represents 1.5% of BA’s global turnover, the maximum fine that could have been imposed is 4% means BA are unlikely to see much success in their proposed appeal and will probably only result in further damage to their brand should they proceed.

The Marriott group faces a similar dilemma, the groups reaction to claim in mitigation that they didn’t own the Starwood Hotels Group at the time of the offences will not cut much ice.

The UK ICO Statements on BA & Marriott

The ICO pointed out part of the buying company’s due diligence should have been to ensure that they were aware of any such failings

The GDPR makes it clear that organisations must be accountable for the personal data they hold. This can include carrying out proper due diligence when making a corporate acquisition, and putting in place proper accountability measures to assess not only what personal data has been acquired, but also how it is protected.

“Personal data has a real value so organisations have a legal duty to ensure its security, just like they would do with any other asset. If that doesn’t happen, we will not hesitate to take strong action when necessary to protect the rights of the public.”

The Information Commissioner is clearly sending a message, companies that fail to put data security at their core and then find themselves the victims of a data breach will be dealt with severely, pleading that you didn’t know (Marriott) or you were the victim of a sophisticated attack (BA) are not necessarily mitigation.

The online world has been going through its own period of crisis. Google, Facebook etc. have since Cambridge Analytica had to deal with a new reality where Social media is now widely distrusted by its customers and have regularly been hit by billions of pounds in GDPR fines as European Regulators respond to breaches.

Having seen the writing on the wall, the Social Media giants for the first time in a very long time are having to respond to events rather than shaping them.

Ironically they seem to have forgotten where their huge incomes are derived, the social revolution has been based on a delicate balance of surrendering some valuable information about ones self in order to access services that are perceived as “free”.

As a result of revelations of systematic exploitation and casual sharing of personal data. Many of its customers are now actively distrusting the the organisations behind the Social media they love to use.

As a result the industry is in turmoil and the big players are now actively trying to regain credibility by actively portraying their privacy credentials.

As a result of the BA GDPR fine and fallout that is the inevitable consequence. The correct response from businesses in the service sector will be to re-assure customers, that they are taking their duty of trust seriously, as the current flurry of adverse publicity and doubtless more to come has put the industry under the spotlight.

The Service sector needs to look to its most important relationship that is the one with its customers, it’s time to review data security and learn the hard lessons that are presently being in-acted by the Social Media giants.

The Tamite Secure IT View

The Internet Age has redefined the relationship between the service industries and their customers, to which trust is intrinsic, this is an increasing trend and Big Data and the Internet of Things will further define the new reality.

GDPR has been a pivotal event in fostering a responsible attitude towards data and privacy across all industries.

The pressure on organisations to meet complex requirements, resulted in GDPR fatigue setting in for many businesses, who were slow to learn that GDPR compliance represents a journey rather than a destination that needs a marathon runners mindset rather than a sprinter.

New studies have revealed that nearly a third of European firms have still to make sufficient progress toward becoming GDPR compliant in the long term. A rise in prosecutions and companies receiving fines for breaking laws protecting consumers’ data are becoming public – and these fines have the potential to dent a company’s reputation and balance book.

Making Privacy by design and default part of the company culture will take time for firms who are still working to understand how GDPR is applied to their business model or industry. Undoubtedly there has been a sea change in how companies use and process data.

The anniversary of the introduction of GDPR coming into force, has seen businesses become more mindful of how and why they collect and store data and are taking steps to process this in a lawful way.

For a free consultation on your GDPR progress contact Richard Bristow Tamite Secure IT Sales Director

Contact Us

When did you last update your Disaster Recovery plan?

If you haven’t revised your disaster recovDisaster recovery plan & backupery plan for a while the sobering statistic that Cyber breaches across UK finance sector up 1000% in 2018 emerged in a Freedom of Information request to the Financial Conduct Authority. This trend is not purely a problem for Finance but will be reflected in any industries that are attractive targets to Cybercriminals.

Making sure your disaster recovery plan reflects the modern landscape of risk is a regular task every business needs to undertake. Risks are not fixed in stone but change and evolve, new issues loom on the horizon as old threats recede in the corporate rear view mirror.


Two years ago Ransomware was the looming threat, WannaCry was the hot news, a virulent Ransomware threat that caused panic for a few days in May 2017.

Wannacry has now receded into corporate memory. The Wannacry ransomware was highly effective, in the event WannaCry was thwarted more by luck than judgement, having infected 200,000 systems in 150 countries over the course of a single weekend.

Monetisation by the Cybercriminals controlling the ransomware was inefficient and patchy, estimates of the income from WannaCry are approximately £50,000, basically they were unable to exploit the Ransomware to its full potential.

Sadly the organisations behind it haven’t gone away and the indications so far this year are that its back and they have learnt their lessons.

The resurgence has been fueled by factors like the cost of entry has never been lower for prospective cybercriminal, ransomware is now available using a franchise model, so no real technical knowledge is required, just criminal intent.

Of course criminals need victims, however this presents no issue as the data required for a campaign can be readily acquired and due to a glut of information at a record low cost. High grade personally identifiable data records from data breaches are regularly being traded on the Dark Web. (HaveIbeenpwned)

This years trend is the targeting of prospective victims, individuals, companies and industries to maximise the earning potential witness recent events at Norsk Hydro who suffered a targeted attack in March and having decided not to pay the ransom are still in the process of recovering their systems four months on at an estimated cost of £52M.
It is little wonder that many victims or their insurance company’s pay the ransom rather than try to remediate.

It would logically follow that companies deciding to pay the ransom also don’t notify the Information Commissioner and so probably don’t initially hit the headlines. Until of course the breach comes to light because customer and supplier data is tracked back to an unreported breach. How many unknown victims in Finance, Accountancy, Travel & Tour Hotel Chains etc. are sitting on a ticking time bomb.

Making sure your company has layers of protection and effective backup regimes is one way we help our customers, we also help you create effective disaster recovery policies to put your business back on track in the shortest possible time.

CVE-2019-0708 (BlueKeep) has the potential to eclipse Wannacry

CVE-2019-0708 (BlueKeep) Coming soon to a computer near you

CVE 2019-0708 (BlueKeep) has the potential to disrupt industry on a scale rarely seen, it has according to many observers the potential to eclipse Wannacry.

Wannacry fallout facts and figures courtesy of the Telegraph

Computer vulnerabilities are ranked on the CVE scale of 1-10. The BlueKeep (CVE-2019-0708) vulnerability is a 9.8 (almost a Bo Derek for anyone old enough to remember this weeks obscure reference) on the scale as such it is deemed very serious.

CVE is based on data taken from the NVD (National Vulnerability Database which provides the basis for CVSS (The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities).

What makes this vulnerability stand out from the crowd and what makes it so potentially damaging is that; the potential exploit requires no user interaction or password to enter a system. The upshot is that an attacker who has successfully exploited this vulnerability would have complete access to a compromised system.

So should I be worried?

Yes you should worry and act now, as failure to follow up has potentially disastrous implications once an exploit is in the “Wild”.

If your organization is running one of these listed vulnerable systems, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows 2003 and Windows XP. You need to take imme diate action as we believe this vulnerability may pose a significant risk to your computer systems.

Additionally you may wish to disable RDP on newer systems where RDP has been turned on.

On 4th June 2019, another related RDP security vulnerability – (CVE-2019-9510) – was reported by the CERT Coordination Center at the Carnegie Mellon University.

No patches for this flaw are currently available. Nonetheless, Microsoft notes that the concern is not a bug, “but a feature instead”.

This new flaw or feature as Microsoft refer to it, may affect Windows 10 1803, Windows Server 2019 or newer systems using RDP, at present it is considered less of a problem than the BlueKeep flaw.

Our advice to all organisations is that as a rule disabling RDS and RDP is the best policy, unless RDP is vital to your operation in which case you need to implement strict procedures and policies.

As an additional precaution make sure your Firewalls are set to block the relevant ports relating to RDP.

Over 1 million computers vulnerable to CVE 2019-0708 (BlueKeep)

CVE 2019-0708 (BlueKeep)

According to the initial Microsoft announcement with regard to BlueKeep, the flaw “is ‘wormable’. In essence any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer.

Exploits in all probability will have learned the lessons of Wannacry, adopting a similar distribution strategy propagating itself in a similar way to the infamous WannaCry malware that spread panic across the globe in 2017.

An update to the initial announcement stated “if recent reports are accurate, nearly one million computers connected directly to the internet are still vulnerable to CVE-2019-0708. Many more within corporate networks may also be vulnerable. It only takes one vulnerable computer connected to the internet to provide a potential gateway into these corporate networks, where advanced malware could spread, infecting computers across the enterprise.”

Microsoft has released an update which fixes the vulnerability and strongly advises that all affected systems should be updated as soon as possible.

Find more information on the vulnerability and download the security update from Microsoft’s website

We have provided frequently asked questions below contact us if you have any further questions about this vulnerability or need assistance.

Frequently Asked Questions

What is CVE-2019-0708 (BlueKeep)

CVE (Common Vulnerabilities and Exposures) is a list of publicly disclosed cybersecurity vulnerabilities and exposures that are rated 1-10 in severity. CVE-2019-0708 is a severe vulnerability (9.8) identified by researchers in a feature called RDP found in older versions of Windows

What is RDP
RDP (Remote Desktop Protocol) is a standard feature enabled by default in older versions of Windows to allow a user to logon remotely to another windows machine. It is commonly used to connected to servers or other workstations located remotely (either in a data centre, or another office location)

Which versions of Windows are affected?
The full list of systems affected are here https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708 which includes Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows 2003 and Windows XP.

How serious is this?
All vulnerabilities are ranked on the CVE scale of 1-10. this vulnerability is a 9.8 on the scale so it is deemed very serious. BlueKeep potentially allows a potential exploit access without user interaction or password to enter a system. The cybercriminal who has successfully exploited this vulnerability would have complete access to a compromised system.

Is there currently an exploit for this vulnerability?
At present a number of security research companies claim to have a working exploit for this, but none of them have released it.
It has been claimed that bad actors are actively scanning for this vulnerability with a view to future exploitation. In addition the well-respected SANS institute in the US published guidance a week ago that stated “exploit development is active, and I don’t think you have more than a week.”

What does ‘wormable’ mean?
This term means this vulnerability could propagate from vulnerable computer to vulnerable computer by replicating copies of itself without the need for a host program or human interaction. A good example of a computer worm is the WannaCry malware that spread panic across the globe in 2017, infecting over 200,000 computers in a couple of days and having significant impact to services at a number of high-profile organisations including the UK’s NHS.

How do I check which version of Windows I am running?
You will need to audit the systems across your network to assess your exposure to this exploit, one vulnerable unpatched system will be one too many, and in risk terms the chances of an active exploit increase each day exponentially.

What happens if I do not install the new security update?
Failure to take action at a minimum to install the new security patch, your Windows system, and eventually your entire network, are at an exponentially increasing risk of being exploited.
Make no mistake this vulnerability is the most severe type.
Once a delivery system is in the hands of Cybercriminals affected machines will provide practically unfettered access to your machine. This opens the path to a full spectrum of potential exploitative behavior including but not limited to theft of your data, use your machine(s) to attack other companies or encrypt, wipe and/or disable your machine(s).

How do I apply the update?
Follow Microsoft’s instructions here: Microsoft Update Guidance we strongly suggest you apply the update on a test or less critical service before rolling it out more widely.

What should I do if I have a Mac?
Mac computers are not directly vulnerable to this particular vulnerability, of course if your network has been compromised they are as vulnerable as everything else. As ever we would encourage you to keep all devices patched and up-to-date.