If your new IT Consultant looks concerned, it means something's wrong with your business' IT. Very wrong.
Why should that worry you? Simple . . . IT disasters can have serious operational and financial consequences for your business!
Consequences like these:
- Major Hardware/Software Failure: You'll have costs to replace server hardware, rebuild the network, retrieve data from backups, and restore/upgrade applications, plus the lost productivity that goes along with it.
- Data Loss: Costs to restore data or recreate it (if not backed up).
- Cyberattack: Costs to restore systems, IP theft, customer identity theft, possible lawsuits, and damage to your company's reputation.
At some point in the past 20 years, customers have come to us with every one of these IT disasters.
When we visit a new customer and see a "danger sign" for impending IT disaster, it concerns us. Here are our top 6.
6 "Danger Signs" in a Customer's IT Environment
- The Spaghetti Data Center.
You've seen photos of these. A huge mess of network wiring in the server room, all jumbled together. Sometimes these "Spaghetti" Data Centers don't have AC and/or backup power either.
Basically, if there was an emergency (cyberattack, power surge), it would take forever just to figure out what controls what, delaying the entire business' recovery from the emergency.
(Relevant Article: Cable Management Tips from the Pros)
- The Ransomware Plague.
Ransomware is one of the scariest things in the IT world. Not just for its extortion, but for its destructive capacity. Some ransomware will outright destroy entire computers AND servers!
On average, less than half of all ransomware victims who pay the ransom get their data back. (Source: MonsterCloud) This is why we worry: we know we can rebuild everything, we just don't know if we can restore all files afterward (depending on the backup strategy).
(Relevant Article: 3 Ways to Protect Against Ransomware [and Why Everyone Needs To])
- The Aging Network.
Older network hardware that's still in use, well past its End of Life. For a rule of thumb on End of Life, look at these numbers:
- Servers over 7 years old
- Network gear over 7 years old
- Software past its stated end-of-life date (which means you have no more support)
Aging network hardware slows down the entire network. Slow performance hurts productivity. It also weakens the network's overall security, since you won't receive firmware and software updates anymore. Think of it like a security guard, sleeping on the job. Someone's going to find their way in.
(Relevant Article: When is an "Old Server" Too Old?)
- The Vanished Backup.
No functioning backup at all. A backup stored on the same server. A backup to a portable drive, sitting right on the server. And yes, we still see tape backups. These are all bad backup choices.
If it’s not backed up offsite, you don’t have a backup.
What happens in case of physical disaster (fire, flood, earthquake)? Ransomware attack? Someone walks off with your portable hard drive? Your server dies with its backup still on the same system? What if there's a break-in and someone steals your server, with its backup?
Without offsite backups, ALL of the other "danger signs" here turn into business-closing events.
(Relevant Article: 6 IT Safety Measures to Protect Your IT in Case of Disaster)
- The Unlocked IT Backdoor.
By 'backdoor' here, we refer to IT security controls. Policies meant to protect the company, and everyone in it, from data theft. When you don't have such policies, you're essentially leaving the door open.
These are a few examples of IT security control failures/unlocked backdoors:
- No controls on physical access to the company servers (locked doors, cameras).
- All employees have administrative access on their workstations.
- Unused ports in your network left open.
- No IT off-boarding controls exist for separated employees.
- Using remote desktop services without a VPN connection.
Lack of IT controls constitutes a single message to the internet: HACK US!
Worse: You may have an unlocked backdoor and not know about it. If you haven't documented your network, nobody knows what's open where.
(Relevant Article: 5 Big Benefits Your Company Gains from SOX)
- The Sleeping Firewall.
Most ISPs will provide the necessary hardware to access the Web. With them, in some cases (but not all), comes a basic firewall. Don't use this firewall. It’s not configured to defend against the legion of cybercriminals out there.
(Relevant Article: Why Business-Grade IT Lowers Your TCO)
Let's all avoid the "concerned consultant" look! Follow these best practices to avoid IT disaster.
- Clean up the wiring in your Data Center. (Customers hire us to do this all the time.)
- Perform a full-scale backup review, and perform test restores. Cloud backups are a MUST.
- Replace network and server hardware older than 7 years. Keep your software up to date as well (no apps older than 3 years).
- Institute IT controls that protect physical and virtual access to your network. Look at SOX IT Controls for a great example.
- Replace your firewall, if your ISP provided it.
- Have an IT Consultant perform a network penetration test. These tests identify all open ports, firmware and software update status, and rate the security of your network. Then you can remediate any issues discovered in the test.
The cost of following these best practices is MINOR, compared to the cost of recovering from a major IT disaster.
Now that you know the "danger signs," you only have one thing to do—prevent them!
Want to get your network on solid ground fast? Email us at firstname.lastname@example.org for help!