Just in case you have been living under a rock, the “largest IT outage in history” happened last week, and its vibrations have been felt for almost a full week afterward. An endpoint security tool update from Microsoft and its vendor CrowdStrike caused an outage that included 8.5 million computers worldwide. And here in Columbus, Ohio, we felt it too, from cancelled vacations to cancelled surgeries or financial transactions.

Businesses and economists have long dreaded such a scenario from hackers through ransomware or malware. But we think living through an outage like this can help reduce the uncertainty around any future events. And here at BlueTeam Networks, we suggest that it should also be a positive motivation for SMBs to create contingency and disaster recovery plans, to train employees to avoid the increased phishing attacks, and to make sure that they are working with trusted partners.   

Now Office Managers, Controllers and CIOs who are already trying to convince owners or boards to invest more in security tooling may have a greater task. But if we look at it all in perspective, the catastrophe of the CrowdStrike outage affected only a single-digit percentage of computers (some have said only 1%). When you look at the number of computers taken down by ransomware attacks over the last five to 10 years, it pales in comparison. Technology is not going anywhere, and these types of vulnerabilities are a part of doing business today.

 

Six Proactive Steps for SMBs to minimize impact of future IT outages: 

  1. Develop an incident response or disaster recovery plan: Create a robust plan that outlines how to respond to outages, including communication protocols, backup and recovery processes, and alternative working conditions. It is important to put both technical and non-technical controls in place to protect business operations when issues arise.
  2. Diversify software dependencies: Don’t rely on a single vendor or platform for critical systems. Consider cloud-based services or multiple vendors to reduce single points of failure.
  3. Ensure regular backups of critical data: Perform backups both locally and to the cloud, and monitor for failures.
  4. Prioritize updates to important software: Regularly update operating systems, applications, and security software to make sure you have the latest patches and security fixes.
  5. Security Awareness Training: Phishing attempts have risen two-fold: first from scammers attempting to exploit the CrowdStrike outage, and also as a result of AI-enhanced techniques. Training your employees to spot a phishing attempt can save your entire organization countless hours and dollars.
  6. Monitor your system performance: Use monitoring tools to detect potential issues before they escalate, so that swift action can be taken to mitigate the impact.

 

Help is on the Way… What can BlueTeam Do to Help? 

Here at BlueTeam Networks, we specialize in identifying and addressing security gaps. Our commitment extends beyond mere protection; we continuously evaluate and control risks, so we can ensure your company remains protected and resilient in the ever-evolving landscape of cyber threats. From our home base in central Ohio, we provide comprehensive risk assessments that safeguard your business from potential threats. Here’s how: 

  • Conducting a thorough IT assessment to identify vulnerabilities and areas for improvement 
  • Implementing business continuity plans with robust backup systems and disaster recovery strategies 
  • Providing training and support for your staff to ensure they’re prepared for any phishing or outage events 
  • Compliance controls to protect the integrity, confidentiality, and accessibility of information stored, processed, or transferred – often mandated 

Don’t wait until it’s too late. Deploy best practices along with multiple layers of security to help ensure your company’s data and your clients’ data are safe. Serving the Columbus area, we have added experience with HIPAA, law firms, and other verticals that have special compliance needs.

 

By Cara Adams, IT Marketing, BlueTeam Networks 

* “Five lessons from the CrowdStrike Windows IT outage”, TechInformed, July 25, 2024 

* “Learning from the CrowdStrike outage”, Fisher Investments, July 25, 2024 

* “What Can We Learn From the Crowdstrike Calamity?”, Bloomberg, July 22, 2024

* “Microsoft-CrowdStrike Outage: Lessons Learned for SMBS”, netEffx blog, July 23, 2024