dinsdag 24 maart 2015

Beat Cryptolocker - ditch documents

A few years ago, a company I worked for had to upgrade their MS Office version to a more recent version. They had to, because they wanted to move to a new Sharepoint vesion, so they could use Sharepoint as the new document management system. Of course, using Sharepoint as a central document management system only works if all employees learn how to use Office and Sharepoint in the manner that Microsoft designed it. Until today I never saw any company where Sharepoint was implemented in the right way. In many cases documents are stored just like documents are stored on a file server, in a hierarchical way. Resulting in the same mess that you find in any organisation that uses documents: lots of copies, versioning problems, corrupted files and, not in the least, compatibility problems, because MS Office is not capable of storing files in a transparant way. Update and you're doomed...

A long time ago I wrote a report for a company advising them to do away with documents and move to a content management system based solution. Write and store your documents in a cms or (enterprise) wiki. I love wiki's. There is only one current version of any document, old versions are available always, with track changes, no compatibility problems, since all text is stored in the most simple way, using a simple markup language and, not in the least, there is are great full text search features. Try that on a file server or in Sharepoint...

Anyway, the company never followed my advise. They really wanted the Office lock-in, so that you could check the presence of people involved in the document creation process...

But now there's a new incentive to ditch documents. Cryptolocker.

Cryptolocker is malware, intended to extort people by means of encrypting documents on a computer. Or on a server. On Skydrive and perhaps an a Sharepoint server (MS claims that Office365 is not vulnerable). The criminals claim to decrypt the documents after payment of a large amount of money. There have been some reports of cryptolocker software malfunctioning, whose crypto functions can be bypassed, but in most cases an infection with cryptolocker is very bad news for a victim.

The only way not to fall prey to these criminals is by not having any documents on a pc or server, or on sharepoint. If you don't have documents, they cannot be locked. In order to do so, move to cms based text creation and storage, use a cms, use a wiki, use presi-like presentation solutions, use ethercalc instead of desktop software. And don't misuse Excel for data manipulation or statistical analysis, use databases and BI tools. Output: why print it? Use a live data viewer or pdf generators if you need a hardcopy.

And if you really want to use documents, move to platforms that are not vulnerable. Much cheaper than paying for ransomware.

1 opmerking:

Jan Rhebergen zei

You hit the nail on the head! I've been advocating this in the organisations where I have worked as well. Used Wikis for project managements etc. Difficult to get people to go along even more difficult to get management to support it.