Time for some horror stories.
I’ve worked in IT for a while now. If you’re in any line of work for a long time, you’re bound to witness some bizarre events and extremely unwise practices – just ask Sue Gray if you don’t believe me. These are some that I’ve seen.
Now, admittedly, business IT doesn’t throw up the dramas of some professions. But IT does have a unique place in working life. It’s an essential set of tools we all use, but it’s also a potential vulnerability.
Get IT right and you’ve got a more efficient business. Get it wrong, and you’ll be wasting money, working inefficiently and at risk of cybercrime. This blog is about people getting it wrong.
I’m not writing this to poke fun at anyone. The point is this: at Biscuit, our business is about increasing efficiency and reducing risk. These horror stories are concrete examples of what happens when businesses neglect these concerns. So, without further ado …
Worst password I’ve ever seen
No contest here. The worst password I’ve seen is 8. No, that’s not the number of characters – it’s the entire password! If having a bad password is like leaving your front door unlocked, this is like leaving it wide open.
Least protected from cybercrime
You might think this was perhaps a tiny business with no in-house IT knowledge. Far from it. In fact, it was a company with turnover in the millions and a dedicated IT manager. Well, I say “dedicated” – he was mostly dedicated to planning his imminent retirement.
They hadn’t done any security updates of any sort for over 7 years. And lo and behold, cybercriminals attacked them and held them to ransom. To make matters worse, they had no backups or disaster recovery plan. So they had to pay the attackers. We came on board shortly afterwards and plugged the security gaps. The IT manager retired early.
We took on a customer whose broadband speed was 0.5 Mbps. If broadband speeds don’t mean much to you, that’s about as quick as a tortoise with a hangover.
Now, this customer was a small rural business. To work around these speeds, the director had to save everything on a USB key. He’d drive it to the local town and visit the library twice a day. Then he’d send what he needed to send using the library’s Wi-Fi and drive back.
We installed a 4G router that gave them 20Mbps – so that’s 40 times the previous speed! You might think that’s a lot of extra expenditure for a small business. But now that he no longer had to drive to town twice a day, the savings in fuel costs more than covered the router!
Worst thing people have put up with that was easily fixed
We took on a client who saved 20 years of invoicing in SAGE as live data. To those uninitiated in the ways of SAGE, this won’t sound like a big deal. But what it means is that SAGE updates the data regularly throughout the day – which slows it and the hardware down to unimaginable speeds. Think of the worst traffic jam you’ve ever been in.
As for the customer’s workaround, I have nothing but admiration. He’d log in to SAGE first thing to get it running. Then he’d go to the kitchen to prepare and consume a cuppa and some toast. On a good day, SAGE would be ready after he’d washed up!
When we started with this customer, they’d been putting up with this for years. The fix we applied couldn’t have been simpler – we just archived the historic invoices, which brought everything up to full speed. It’s not quite turning it off and on again, but it’s not much more advanced and now everything runs faster. This is clearly more efficient – which gives them even more time for tea and toast!
Worst phishing horror story
For the sake of the customer’s anonymity, I’ll keep the details a little vague here. The business here was quite large. Someone in the accounts team got an email purporting to be from a senior member of staff, saying “Please transfer £150,000 to this client’s account ASAP.” The accounts clerk duly did so. Then it happened again – and they transferred once more.
Later that day, the clerk walked past the senior member of staff. “I transferred that money like you asked”, she informed him. He did a double take and asked to see the emails. They were from a dodgy address, and written in a style that was out of character for the senior member of staff. Naturally, the “client” was some cybercriminal who couldn’t believe his luck. This was when they realised they’d been duped, to the tune of £300k.
Even the very best firewalls, anti-virus and password management are no match for a successful phishing attack. Anti-spam filters will keep out a lot of crap, but we always recommend training all staff in what to look out for. This business took us up on the suggestion shortly after this attack. As this story shows, it’s cheaper than the alternative!
The moral of the story
Like I said before, I’m not poking fun at anyone here. Not everyone’s an expert on IT. There’s no shame in that, and our customers are businesses that do all sorts of things we can’t!
The point is that if your IT’s not looked after properly, your business will suffer. It could be everyday inefficiencies that slow you down. It could be a cyber-attack that clears your accounts. And the whole point of Biscuit IT is to protect businesses from these threats.
What we do is managed IT. This essentially means we can do anything an in-house IT department would do – monitoring, maintenance, security, disaster recovery, helpdesk, Office 365 … I could go on. But the point I’m really getting at is that we can make sure these horror stories don’t happen to your business!
These are just some of the memorable things I’ve seen in my time in managed IT. No doubt you’ll all have seen your fair share. I’d love to hear them if you have! No names please!