Do you still have servers sitting in the back of your office (or business) somewhere?
Time to get rid of these old servers.
This won’t be a commercial for cloud servers. But you should think about moving to the cloud after reading this.
I am a member of an advisory board for a large (non-profit) institution. One of the senior administrators mentioned a few days ago about “internet issues each day for the past week.” Odd.
Business owners and administrators often have problems anticipating problems. It’s not a jargon problem, but more an identification issue. A big part of the problems businesses (large and small, for-profit and not-for-profit) have is being able to identify and explain the problem.
At the monthly meeting last night, this was the first topic. It wasn’t an “internet” issue. The conversation began with a question. “Does anyone know what ransomware is?”
Not maintaining servers can create serious problems.
There are four servers installed on location at this institution. Ransomware has compromised three of the four servers. All files become locked and encrypted. Some outsider owns the only access to your files. If you want access to your files, pay the ransom.
If a business is regularly backing up files the loss can be circumvented. Or at least, mitigated.
No one needs to physically break into your location to do harm to your servers. In this case, it seems these hard working computers were left unmanaged. The most recent backup was completed two weeks ago. Now we have identified a procedural problem.
No policies were in place to routinely back up files. This also implies there may have been no one “caring” for the servers. There were no updates or patches installed. No programs for antivirus were installed.
Why are patches and updates important?
Software providers periodically provide updates when they learn ways outsiders can access a system. Software patching needs updating as soon as possible. Patches prevent break-ins. This is why a laptop or home computer needs to reboot or install updates. Patches cover up the holes found by hackers.
How can this happen in 2019?
Many small businesses operate with the belief, “this will never happen to me.”
While the servers are on location, there are open ports allowing access from the outside. Servers ought to be in the cloud, where they can be properly secured. One reason “on location” fileservers can be hacked into, is because they need to be continually patched. Without an IT person watching this stuff 24/7, the patches and updates don’t happen, creating windows (access) for outsiders to access. IT security can no longer be a part-time weekend job of the owner.
It’s going to cost some money to fix this problem. Recovering recent data will be impossible. Rebuilding a computer system will cost money. The budget does not include these expenses. Some procedures need to be in place to stay on top of this.
The reason I’m bringing this up with you is to make certain you are not caught flat-footed in the same situation.
Not all data was compromised. Some files were backed up on Google drive or DropBox. These are not completely secure options for businesses. It is not a total loss. But it is a huge wake up call.
Businesses must disclose when security breaches occur. Disclosures are never a happy event. Don’t let it happen to you.
Other than the famous data breaches in the news, what have been your horror stories?