Trick-or-Treat Technology Style

Trick-or-Treat Technology Style

It’s nearly Halloween, a time traditionally associated with ghouls and ghosts – at least the kind that dress up and wants to get free candy. While this time of year IS a fun time to get spooked, your technology infrastructure should never be something that frightening.

Still, for a large percentage of small and medium-sized businesses, technology is still a scary subject to consider and moving forward with fingers crossed that something bad doesn’t happen is a fool’s errand. Since Continuous Networks is to small business technology what that house on the block that gives out full-size candy bars on Halloween is, we know all the tricks for avoiding trouble.

In the spirit of the season, we thought we’d craft our own version of “trick-or-treat” as it pertains to situations that should scare any IT manager or business owner. We’ll paint several scenarios and give two possible outcomes for each – one being a situation where IT is effectively managed (treat), and the other being the “worst-case-scenario” (trick).

It’s our hope that by understanding how quickly and easily things can get off track in our fast-paced lives, the reader will be better equipped to make changes NOW that will prevent problems in the future.

Sticking with our trick-or-treat theme, ignoring this advice is like being that house that gives out fruit for Halloween.

It is fine if you like cleaning up toilet paper from the front yard the morning after.

The Ghostly Email Server

It’s a normal Tuesday afternoon, the sales team is working on a big pitch for new business. After weeks of meetings and conference calls the prospective client seems to be taking a shine to your offer. The one thing they need in writing is the proposal for final approval.

After sales drafted the contract, it was sent to accounting and then legal for final approval. Everything looks good, the sales team simply needs to get it over to the prospective client before the close of business that day.

One problem, the attachment function isn’t working on your Outlook program. A couple of restarts later and it’s still not working. In fact, email seems to be out throughout the whole company.

This is a high-value proposal and it needs to be there by EOD – what can you do?

TRICK: The consensus is that your email systems are “down”, but nobody seems to know exactly what that means.

Is the server still running?

Can it be restarted?

If it is still powered, is it still connected to the network?

There’s a host of troubleshooting that needs to be done before anyone can get to the root of the problem, but the real problem here is time. You’ve got 20 minutes before EOD and getting the proposal over to the client after hours is going to look bad.

Someone from sales decides to download the proposal and send the attachment from a personal email account to the client. This is a highly risky move, does the @gmail extension make the entire organization look un-credible?

Will the spam filters on the client side funnel the proposal right into a ‘Junk’ file?

How could this have all been avoided?

TREAT: IT support isn’t always about calling someone when the world comes crashing down – or in this case, the email server program isn’t running. The computer, the server, and the operating system are all running but a simple reboot of the program allows email to begin functioning normally.

This is the benefit of proactive IT support. With a basic managed IT plan, this kind of round-the-clock monitoring will help ensure that no unexpected hiccups occur during that 11th-hour rush to get a proposal out the door.

The Heedless Updater

Software updates have become a part of our normal lives. Even if you don’t consider yourself someone who relies “that much” on technology to do your job you’ve probably noticed those notifications on your smartphone every so often about software updates. If you have applications on your phone, you’ve probably noticed alerts about updates on those as well.

Software updates aren’t designed to take you off-task throughout the day. These important updates are deployed to patch software and potentially close security vulnerabilities that could be exploited by hackers. Ignoring updates for weeks or months can potentially compromise the entire network.

If you think zombies in horror movies are scary, imagine an office full of zombie computers. Not the kind that shuffles around craving brains but the kind that participates in DDoS attacks or use your energy resources to mine cryptocurrency. You might be growing a crop of botnet and not even know it!

TRICK: The company makes national headlines when they become the victim of a serious data breach and customers have vital information stolen and potentially sold on the Dark Web. Depending on the industry the business operates in, executives may have to step down, massive fines might be paid, the organization's reputation damaged permanently.

Basically, everything that happened to Equifax. Initially, the former CEO and spokesperson for the company blamed the breach on failure to update software:

On multiple occasions, Mr. Smith referred to an “individual” in Equifax’s technology department who had failed to heed security warnings and did not ensure the implementation of software fixes that would have prevented the breach. A company spokesman did not respond to questions about that employee’s status with the company.

Later, that statement was walked back a bit, but still placed a large percentage of the blame on human error:

The company sent out an internal email requesting that its technical staff fix the software, but “an individual did not ensure communication got to the right person to manually patch the application,” Mr. Smith told the subcommittee. That was compounded by a technical error: The scanning software that Equifax used to detect vulnerabilities failed to find the unpatched hole, he said.

TREAT: Redundant data protection and network security are woven into the fabric of every company that is paying attention to the landscape of cybersecurity.

A proactive monitoring plan from an outsourced vendor can work with an on-site IT team, or work as the team depending on the level of need.

It all starts with a security audit so that needs can be assessed. No software updates are left behind, so vulnerabilities are not able to be exploited, and the businesses reputation remains strong. If this kind of action had been taken there’s a good chance the name Equifax would remain associated with just a credit reporting agency.

Phishing with Frankenstein

Email scams are nearly as old as the communication platform itself. “Financial pretexting” is a phrase used in the early stages of a social engineering technique used by hackers. Sometimes the would-be thieves can even use a legitimate-looking email address from within the organization to impersonate a high-level employee.

Out of the blue, accounting gets an email from an executive requesting some information about company bank accounts. The message is labeled urgent and needs a response quickly.

TRICK: This isn’t the same tactic as phishing, but it can have equally devastating consequences. If vital bank account information is sent via email, hackers won’t hesitate to steal funds or other sensitive information from the business.

TREAT: The employees in the organization have been trained on the best practices of cybersecurity. The message does appear to be from someone in the company, but the message seems fishy based on the contents and the request. A call to the supervisor confirms the suspicion that this is a fraud attempt and the company funds remain secure.