5 Critical Business Risks Your IT Support Company Should Protect You From
Most businesses nowadays are critically dependent on their IT systems to continue to operate. In extreme circumstances a loss of IT services could put the business in peril. To ensure that they have functional systems and to manage costs they outsource their support needs to an external IT Support Company.
The selection of the correct IT Support Company can be critical to the future of the company. It must be sufficiently business aware to recognise the business risks that could affect the future of the company.
Five typical business risks that the IT Support Company must be aware of and guard against include:
Loss of Service – Power and Connectivity
Often it is the simplest things that can go wrong. A power supply failure stops the IT function dead in its tracks. Loss of Internet or VoIP connectivity (often the same thing) can isolate the business from its customers and mobile staff.
The IT Support Company must ensure that there is an adequate backup power supply available. It will certainly include UPS and battery backup and may also require a generator if outages are likely to be prolonged.
A properly configured UPS will also provide power conditioning to protect equipment.
The IT Support Company should periodically check that the backup power facilities are operational and providing sufficient coverage.
Loss of Service – Software Failure
Systems and applications software require regular updating, either bug fixes or version upgrades. There is an inherent danger in applying software updates.
The first problem is that of malformed updates. It wouldn’t be the first time (ask Microsoft) that software upgrades have made IT systems inoperable and shut them down completely.
The second problem could be that of introducing incompatibilities between applications, making them either operate incorrectly or perhaps not at all. Business functions relying on correct integration will be affected.
The third problem is that the update introduces operational errors, perhaps affecting data.
A fourth problem is that if the functionality of an application changes, then users may need training in the new or changed environment.
The IT Support Company should not just implement updates in the live production environment. They should use Internet User Groups, for example, to research if there are any issues with the update.
They should also test the update in a test environment before committing the changes to the production environment.
If user retraining is needed, then they should advise the organisation and carry it out.
Like the poor, malware is always with us. The most common distribution vectors are via the Internet and email.
The FBI has determined that the biggest risk to an organisation lies between the desk and the chair back. Most malware attacks succeed because of user action or inaction. Users clicking on a link in an email or website can initiate a phishing attack. Another common vector is users bringing removable media, for example, a DVD or flash drive with information from an infected home computer. Plugging it into an unprotected desktop system can infect the desktop and perhaps the entire network.
The IT Support Company should ensure that the core systems are properly protected with anti-malware hardware and software, correctly configured and kept up to date. They should also ensure that desktop computers are protected with anti-malware software, centrally updated in an environment that does not allow users to disable it.
In some environments they may also need to proactively monitor network traffic to guard against external attacks, for example, DDoS.
Intellectual Property Theft and Industrial Espionage
All organisations have information they don’t want to become public. For some organisations, for example, legal firms, confidentiality is a statutory requirement.
Again, the FBI estimate that worldwide, industrial espionage is a multi-billion dollar business and has led to the demise of many companies.
It can occur electronically. A variant of the phishing exploit, commonly called spear-phishing, is where a thief targets individuals in the organisation in an attempt to obtain user credentials that will give them access to confidential or financial information. The user clicks on an Internet link that downloads software to their desktop. The malware is a keylogging application which records user keystrokes and passes them back to the thief.
It can be as simple as phoning the individual, pretending to be from IT support and requesting their credentials so an “important software update” can be installed.
The key is awareness. The IT Support Company needs to be aware of current threats and carry out an education programme among users to make them aware of threats and what to do if they suspect something is wrong.
They should also ensure that their core anti-malware systems include the ability to block access to suspect internet sites. In some cases, it should also block access to external Cloud filing systems like OneDrive and Dropbox.
Fraud and Identity Theft
Similar to the preceding threat is that of outright theft of company assets by impersonating another user to gain unauthorised access to information. This can be by an internal user or by an IT Support Company employee with access to confidential information.
The anti-malware programme should emphasise that users should treat their credentials with the same care as their ATM PIN number.
The IT Support Company should also ensure that employees operating in a position where they have access to confidential information are trustworthy.
These are only five business risks that organisations and IT Support Companies should be aware of. Vigilance is required.