A question to the IT experts out there:
If I back up to a USB-connected external drive and I'm unfortunate enough to have been the victim of a security attack in any form or way, will my USB-connected external drive be affected? Will my backup be compromised in any way?
I back up regularly to this drive. I'm also very meticulous about installing the latest Windows updates (Win10 Home 64x) and my anti-virus software is regularly updated.
Thanks in advance.
Back on topic. It seems incredible to me that organizations such as the UK NHS are still running WinXP and seemingly ignoring any security update patches announced by Microsoft.
Rob.
If your hard drive is on, there's that possibility of infecting the data if the malware searches the hard drive paths, meaning the drive letters, for such folders as documents and such files as *.doc, *.jpg, etc. In computer terms an asterisk (*) means everything with what's on the .extension. As I used them, *.doc or *.jpg means all documents and all jpg images. If you are infected and you then turn your hard drive on with an infected system, then there's that chance that the malware will find your hard drive when it comes online. (The paranoid side of IT comes into play here.) So if you were to come into contact with the malware, it's best to remove it first, then restore data from backups, which of course I hope is obvious.
If your system is up-to-date, meaning all patches, and your antimalware is up-to-date, you should be safe. As an added precaution, to ensure there's nothing out there that can still circumvent the updates, never click on attachments or suspicious links in emails, and exercise safe computing - meaning avoid websites with naughty bits on them, and stay vigilant while on the internet.
Remember even though you are up-to-date at the moment, there's always the chance that the malware writer is a step ahead of the other, so it's best to stay on the cautionary side.
I agree that it's truly shocking that organizations don't put in an effort to upgrade. Sure, it can take time for IT to ensure the applications work properly, and all the other stuff that goes into that, but the concerted effort should be made. Sadly, if you look at the post, a lot of this has to do with management and getting them to buy into investing in the infrastructure.
And lastly we wonder why... To quote my own post:
Now for a real-world example of what should not be done, which my brother told me about and got my hackles up as I think about it. My dad was at a local hospital for a CT scan. The software for the equipment ran on a Windows-based computer, most likely Windows XP or Windows 2000. Instead of this machine being isolated from the internet, meaning no browser allowed, or locked down only to allow intranet access, the operator and other staff were on Facebook browsing images that were sent to one of them. Seriously! How to infect the medical device. It's cases such as this which most likely brought the systems down at the NHS in the UK, as well as in other organizations!