Late last week, a firmware vulnerability was reported on Dell devices. Specifically, four identified vulnerabilities allow attackers to fully take over devices because of a buggy update process.

While this is a Dell issue today, the reality is that any software has the potential to make your otherwise secure infrastructure vulnerable. So, here are three questions to ask your IT manager or outsource provider:

  • Are new devices completely “wiped” of pre-installed software before they are used? If no, uninstall these types of firmware right away, and implement a new policy and process to ensure this happens in the future.
  • Are updates to any approved software managed by your IT team, i.e. tested and considered before being deployed? If no, establish a new policy and process to do this rather than allowing automated updates.
  • Do staff have access rights to install additional software on their devices? If yes, it’s time to take back control. All software applications should be under the direct control and decision of the appropriate manager(s) to reduce risks.

While we can’t prevent every possible security risk, these are some simple actions that can and should be taken to protect your Not for Profit organisation.

And regarding the current Dell firmware vulnerability issues – if for any reason your team cannot delete existing firmware right away on all impacted devices, then make sure that everyone downloads the latest Dell patches (yes, this one time) to minimise your risks until this can be done.

Tammy Ven Dange is a former charity CEO, Not for Profit Board Member and IT Executive. Today she helps NFPs with IT decisions.
