The criticality of preventive maintenance to business cybersecurity and IT continuity

We all know that awful feeling when technology isn’t working as we expect, or worse yet, we suspect our security has been breached. It sparks anxiety, frustration and even impulsive decision making. But just how did we get to such an unpleasant place?

Preventive maintenance reduces technological friction

Most episodic technological failures relate to problems that have been lurking for some time, such as a slowly failing hard drive, an ongoing hack or malware infection, or a failure to backup data properly. These types of common problems are easily prevented by having cybersecurity and IT professionals regularly review your business’ technological assets and ensure that they are being maintained properly. Envescent encourages all of our clients to perform preventive maintenance to reduce likelihood of costly, work stopping problems.

Example #1

Envescent helped a local accounting firm salvage their data from a failed RAID during the height of tax season. This same firm thought their backups were working and had no idea one drive in their RAID had already failed. Why? Because no one was checking on these things so they were just assumed to be OK.

But they weren’t. When the second drive in the RAID failed, the firm looked to their backup and realized it was not doing its job. Then panic set in. We received a frenzied call about their data being lost, and how critical it was to get it back. After assessing the situation we agreed to help the firm and were able to recover all of their valuable data — saving them from going out of business as we were told.

Yet none of this had to happen. If instead the accounting firm had preventive maintenance, even as seldom as once a month, this RAID drive failure and backup misconfiguration would have been caught and rectified. Meaning that the firm would have saved thousands of dollars and the stress of facing dissolving as a company and any legal and financial liabilities from clients  if their data and work product could not be recovered.

Example #2

A video game developer reached out to Envescent with a pressing concern about malicious hackers undermining their security. During our initial interview we were told that malicious hackers were selling cheats, in-game currency and even threatening to DDoS servers and try to crash the entire game. There was palpable anxiety about what had already transpired, and the situation had significant potential to escalate.

We began our work by performing an audit of the attack surface of their cloud presence. During that audit we discovered that the majority of the operating systems, services, applications and dependencies had never been updated. That means crucial security patches were never applied during the life cycle of their cloud presence, which at this point was years old. In a nutshell the security had as many holes as Swiss cheese.

In addition to identifying the vulnerable attack surface in their cloud, we performed a systems and network audit at their office and identified a number of pain points that needed remediation to prevent attack.

After we secured their cloud and office, gathered evidence on the malicious hackers — tracking them down to the actual individuals involved and their whereabouts — the problems ceased. This episode was avoidable, however, with preventive maintenance. If the cloud and office were checked on by a cybersecurity expert on a regular basis these issues would have been identified, fixed and in all likelihood there would have been no discernible attack surface for the malicious hackers, who gave up after our efforts, to attack.

Example #3

Our team was called in to help a construction professional services firm track down what they had suspected to be an insider data leak. We were informed that the party was disgruntled and had left the firm on bad terms, taking client data and trade secrets with them. Our job was to identify what may have been exfiltrated, how that may have occurred and whom with it may have been shared.

We performed an extensive digital forensic investigation and were able to identify the source of the breach, the data in question, how it was exfiltrated and the parties it was sent to by examining the digital footprints left behind and with some thoughtful cybersecurity sleuthing. Further, we were able to make constructive suggestions to help the firm prevent this sort of insider data breach from happening in the future.

This is another situation where the entirety of the problem was avoidable with preventive (cybersecurity) maintenance. If the systems, network and cloud presence was regularly checked for security and a permission matrix was configured to govern who has access to what data, then this issue would have been prevented. Further, the company had no IT policy in place, specifically to inform employees about their expectations of data handling and privacy at work.

Our company helps clients prevent this type of nightmare scenario through preventive cybersecurity maintenance. Envescent also helps clients craft such policies to ensure they are a good fit for the firm’s actual IT practices and expectations from employees.

The best defense is an investment in preventive maintenance

Technology is an investment and its best to treat it as such. When tangible improvements are made to stability, speed and security it pays dividends: a competitive advantage, a strong moat defending sensitive data and trade secrets, increased productivity and confidence of employees and ultimately a better client experience.

Envescent can help your business gain an edge by performing preventive maintenance to get ahead of problems before they become costly to business finances, productivity and reputation. Contact us to learn more.

Posted in Cloud, cybersecurity, Data recovery, IT support, Malware, Services.