Watch your backup
We have spent the week fundamentally changing the way we manage our office networks, in order that we have some protection against Cryptolocker, WannaCry and other ransomware attacks.
Should we have done this before? YES
Could we have done this before? NO.
It's only due to the widespread publicity garnered by the WannaCry attack that our Directors and PHBs have been stung into releasing the necessary funding to allow us to do it.
Luckily, we've long had a plan ready to implement.
So our backups are now on a separate LAN, with no direct routing, and no SMB connectivity.
We've also restricted SMB between individual hosts on the LAN, and moved all non-essential hosts (directors' phones, laptops, tablets etc), to a separate WiFi network, with no access to the corporate LAN.
It makes life harder to do certain things, but it does mean that even if the boss's secretary clicks on an attachment, or a link in an email, we are probably going to survive it.
I'm feeling a lot more comfortable at the end of this week, than I was at the start of it.